Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-39876 (GCVE-0-2025-39876)
Vulnerability from cvelistv5 – Published: 2025-09-23 06:00 – Updated: 2025-11-03 17:44
VLAI?
EPSS
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
The function of_phy_find_device may return NULL, so we need to take
care before dereferencing phy_dev.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9e70485b40c8306298adea8bdc867ca27f88955a , < 8c60d12bba14dc655d2d948b1dbf390b3ae39cb8
(git)
Affected: 64a632da538a6827fad0ea461925cedb9899ebe2 , < 20a3433d31c2d2bf70ab0abec75f3136b42ae66c (git) Affected: 64a632da538a6827fad0ea461925cedb9899ebe2 , < 93a699d6e92cfdfa9eb9dbb8c653b5322542ca4f (git) Affected: 64a632da538a6827fad0ea461925cedb9899ebe2 , < 5f1bb554a131e59b28482abad21f691390651752 (git) Affected: 64a632da538a6827fad0ea461925cedb9899ebe2 , < fe78891f296ac05bf4e5295c9829ef822f3c32e7 (git) Affected: 64a632da538a6827fad0ea461925cedb9899ebe2 , < 4fe53aaa4271a72fe5fe3e88a45ce01646b68dc5 (git) Affected: 64a632da538a6827fad0ea461925cedb9899ebe2 , < eb148d85e126c47d65be34f2a465d69432ca5541 (git) Affected: 64a632da538a6827fad0ea461925cedb9899ebe2 , < 03e79de4608bdd48ad6eec272e196124cefaf798 (git) Affected: c068e505f229ca5f778f825f1401817ce818e917 (git) Affected: 8a6ab151443cd71e2aa5e8b7014e3453dbd51935 (git) Affected: ce88b5f42868ef4964c497d4dfcd25e88fd60c5b (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:44:21.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/fec_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c60d12bba14dc655d2d948b1dbf390b3ae39cb8",
"status": "affected",
"version": "9e70485b40c8306298adea8bdc867ca27f88955a",
"versionType": "git"
},
{
"lessThan": "20a3433d31c2d2bf70ab0abec75f3136b42ae66c",
"status": "affected",
"version": "64a632da538a6827fad0ea461925cedb9899ebe2",
"versionType": "git"
},
{
"lessThan": "93a699d6e92cfdfa9eb9dbb8c653b5322542ca4f",
"status": "affected",
"version": "64a632da538a6827fad0ea461925cedb9899ebe2",
"versionType": "git"
},
{
"lessThan": "5f1bb554a131e59b28482abad21f691390651752",
"status": "affected",
"version": "64a632da538a6827fad0ea461925cedb9899ebe2",
"versionType": "git"
},
{
"lessThan": "fe78891f296ac05bf4e5295c9829ef822f3c32e7",
"status": "affected",
"version": "64a632da538a6827fad0ea461925cedb9899ebe2",
"versionType": "git"
},
{
"lessThan": "4fe53aaa4271a72fe5fe3e88a45ce01646b68dc5",
"status": "affected",
"version": "64a632da538a6827fad0ea461925cedb9899ebe2",
"versionType": "git"
},
{
"lessThan": "eb148d85e126c47d65be34f2a465d69432ca5541",
"status": "affected",
"version": "64a632da538a6827fad0ea461925cedb9899ebe2",
"versionType": "git"
},
{
"lessThan": "03e79de4608bdd48ad6eec272e196124cefaf798",
"status": "affected",
"version": "64a632da538a6827fad0ea461925cedb9899ebe2",
"versionType": "git"
},
{
"status": "affected",
"version": "c068e505f229ca5f778f825f1401817ce818e917",
"versionType": "git"
},
{
"status": "affected",
"version": "8a6ab151443cd71e2aa5e8b7014e3453dbd51935",
"versionType": "git"
},
{
"status": "affected",
"version": "ce88b5f42868ef4964c497d4dfcd25e88fd60c5b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/freescale/fec_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.245",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.194",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.300",
"versionStartIncluding": "5.4.73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.245",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.194",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.153",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.107",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.48",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.8",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.8.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-02T13:26:16.729Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c60d12bba14dc655d2d948b1dbf390b3ae39cb8"
},
{
"url": "https://git.kernel.org/stable/c/20a3433d31c2d2bf70ab0abec75f3136b42ae66c"
},
{
"url": "https://git.kernel.org/stable/c/93a699d6e92cfdfa9eb9dbb8c653b5322542ca4f"
},
{
"url": "https://git.kernel.org/stable/c/5f1bb554a131e59b28482abad21f691390651752"
},
{
"url": "https://git.kernel.org/stable/c/fe78891f296ac05bf4e5295c9829ef822f3c32e7"
},
{
"url": "https://git.kernel.org/stable/c/4fe53aaa4271a72fe5fe3e88a45ce01646b68dc5"
},
{
"url": "https://git.kernel.org/stable/c/eb148d85e126c47d65be34f2a465d69432ca5541"
},
{
"url": "https://git.kernel.org/stable/c/03e79de4608bdd48ad6eec272e196124cefaf798"
}
],
"title": "net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-39876",
"datePublished": "2025-09-23T06:00:47.731Z",
"dateReserved": "2025-04-16T07:20:57.144Z",
"dateUpdated": "2025-11-03T17:44:21.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-39876\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-23T06:15:47.087\",\"lastModified\":\"2025-11-03T18:16:51.470\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\\n\\nThe function of_phy_find_device may return NULL, so we need to take\\ncare before dereferencing phy_dev.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/03e79de4608bdd48ad6eec272e196124cefaf798\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/20a3433d31c2d2bf70ab0abec75f3136b42ae66c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4fe53aaa4271a72fe5fe3e88a45ce01646b68dc5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5f1bb554a131e59b28482abad21f691390651752\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8c60d12bba14dc655d2d948b1dbf390b3ae39cb8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/93a699d6e92cfdfa9eb9dbb8c653b5322542ca4f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/eb148d85e126c47d65be34f2a465d69432ca5541\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fe78891f296ac05bf4e5295c9829ef822f3c32e7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
MSRC_CVE-2025-39876
Vulnerability from csaf_microsoft - Published: 2025-09-02 00:00 - Updated: 2025-09-24 01:02Summary
net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-39876 net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-39876.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()",
"tracking": {
"current_release_date": "2025-09-24T01:02:26.000Z",
"generator": {
"date": "2025-10-20T03:48:57.201Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-39876",
"initial_release_date": "2025-09-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-24T01:02:26.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 kernel 6.6.96.2-2",
"product": {
"name": "azl3 kernel 6.6.96.2-2",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "kernel"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kernel 6.6.96.2-2 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-39876",
"notes": [
{
"category": "general",
"text": "Linux",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-39876 net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-39876.json"
}
],
"title": "net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()"
}
]
}
SUSE-SU-2025:4128-1
Vulnerability from csaf_suse - Published: 2025-11-18 13:51 - Updated: 2025-11-18 13:51Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non security issues were fixed:
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
Patchnames
SUSE-2025-4128,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-4128,openSUSE-SLE-15.6-2025-4128
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP6 Azure kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).\n- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).\n- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).\n- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).\n- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).\n- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).\n- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).\n- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).\n- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).\n- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).\n- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).\n- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).\n- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).\n\nThe following non security issues were fixed:\n\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).\n- KVM: x86: Process \u0027guest stopped request\u0027 once per guest time update (git-fixes).\n- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).\n- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).\n- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).\n- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).\n- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).\n- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).\n- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).\n- powerpc/boot: Fix build with gcc 15 (bsc#1215199).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)\n- proc: fix type confusion in pde_set_flags() (bsc#1248630)\n- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).\n- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4128,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-4128,openSUSE-SLE-15.6-2025-4128",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4128-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4128-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254128-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4128-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023299.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1214954",
"url": "https://bugzilla.suse.com/1214954"
},
{
"category": "self",
"summary": "SUSE Bug 1215143",
"url": "https://bugzilla.suse.com/1215143"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1216396",
"url": "https://bugzilla.suse.com/1216396"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248517",
"url": "https://bugzilla.suse.com/1248517"
},
{
"category": "self",
"summary": "SUSE Bug 1248630",
"url": "https://bugzilla.suse.com/1248630"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248886",
"url": "https://bugzilla.suse.com/1248886"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249224",
"url": "https://bugzilla.suse.com/1249224"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249595",
"url": "https://bugzilla.suse.com/1249595"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250274",
"url": "https://bugzilla.suse.com/1250274"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250379",
"url": "https://bugzilla.suse.com/1250379"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250721",
"url": "https://bugzilla.suse.com/1250721"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1251024",
"url": "https://bugzilla.suse.com/1251024"
},
{
"category": "self",
"summary": "SUSE Bug 1251027",
"url": "https://bugzilla.suse.com/1251027"
},
{
"category": "self",
"summary": "SUSE Bug 1251028",
"url": "https://bugzilla.suse.com/1251028"
},
{
"category": "self",
"summary": "SUSE Bug 1251031",
"url": "https://bugzilla.suse.com/1251031"
},
{
"category": "self",
"summary": "SUSE Bug 1251035",
"url": "https://bugzilla.suse.com/1251035"
},
{
"category": "self",
"summary": "SUSE Bug 1251038",
"url": "https://bugzilla.suse.com/1251038"
},
{
"category": "self",
"summary": "SUSE Bug 1251043",
"url": "https://bugzilla.suse.com/1251043"
},
{
"category": "self",
"summary": "SUSE Bug 1251045",
"url": "https://bugzilla.suse.com/1251045"
},
{
"category": "self",
"summary": "SUSE Bug 1251052",
"url": "https://bugzilla.suse.com/1251052"
},
{
"category": "self",
"summary": "SUSE Bug 1251053",
"url": "https://bugzilla.suse.com/1251053"
},
{
"category": "self",
"summary": "SUSE Bug 1251054",
"url": "https://bugzilla.suse.com/1251054"
},
{
"category": "self",
"summary": "SUSE Bug 1251056",
"url": "https://bugzilla.suse.com/1251056"
},
{
"category": "self",
"summary": "SUSE Bug 1251057",
"url": "https://bugzilla.suse.com/1251057"
},
{
"category": "self",
"summary": "SUSE Bug 1251059",
"url": "https://bugzilla.suse.com/1251059"
},
{
"category": "self",
"summary": "SUSE Bug 1251060",
"url": "https://bugzilla.suse.com/1251060"
},
{
"category": "self",
"summary": "SUSE Bug 1251065",
"url": "https://bugzilla.suse.com/1251065"
},
{
"category": "self",
"summary": "SUSE Bug 1251066",
"url": "https://bugzilla.suse.com/1251066"
},
{
"category": "self",
"summary": "SUSE Bug 1251067",
"url": "https://bugzilla.suse.com/1251067"
},
{
"category": "self",
"summary": "SUSE Bug 1251068",
"url": "https://bugzilla.suse.com/1251068"
},
{
"category": "self",
"summary": "SUSE Bug 1251071",
"url": "https://bugzilla.suse.com/1251071"
},
{
"category": "self",
"summary": "SUSE Bug 1251076",
"url": "https://bugzilla.suse.com/1251076"
},
{
"category": "self",
"summary": "SUSE Bug 1251079",
"url": "https://bugzilla.suse.com/1251079"
},
{
"category": "self",
"summary": "SUSE Bug 1251081",
"url": "https://bugzilla.suse.com/1251081"
},
{
"category": "self",
"summary": "SUSE Bug 1251083",
"url": "https://bugzilla.suse.com/1251083"
},
{
"category": "self",
"summary": "SUSE Bug 1251084",
"url": "https://bugzilla.suse.com/1251084"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251105",
"url": "https://bugzilla.suse.com/1251105"
},
{
"category": "self",
"summary": "SUSE Bug 1251106",
"url": "https://bugzilla.suse.com/1251106"
},
{
"category": "self",
"summary": "SUSE Bug 1251108",
"url": "https://bugzilla.suse.com/1251108"
},
{
"category": "self",
"summary": "SUSE Bug 1251113",
"url": "https://bugzilla.suse.com/1251113"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251119",
"url": "https://bugzilla.suse.com/1251119"
},
{
"category": "self",
"summary": "SUSE Bug 1251123",
"url": "https://bugzilla.suse.com/1251123"
},
{
"category": "self",
"summary": "SUSE Bug 1251126",
"url": "https://bugzilla.suse.com/1251126"
},
{
"category": "self",
"summary": "SUSE Bug 1251132",
"url": "https://bugzilla.suse.com/1251132"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251150",
"url": "https://bugzilla.suse.com/1251150"
},
{
"category": "self",
"summary": "SUSE Bug 1251152",
"url": "https://bugzilla.suse.com/1251152"
},
{
"category": "self",
"summary": "SUSE Bug 1251153",
"url": "https://bugzilla.suse.com/1251153"
},
{
"category": "self",
"summary": "SUSE Bug 1251159",
"url": "https://bugzilla.suse.com/1251159"
},
{
"category": "self",
"summary": "SUSE Bug 1251161",
"url": "https://bugzilla.suse.com/1251161"
},
{
"category": "self",
"summary": "SUSE Bug 1251170",
"url": "https://bugzilla.suse.com/1251170"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251180",
"url": "https://bugzilla.suse.com/1251180"
},
{
"category": "self",
"summary": "SUSE Bug 1251206",
"url": "https://bugzilla.suse.com/1251206"
},
{
"category": "self",
"summary": "SUSE Bug 1251215",
"url": "https://bugzilla.suse.com/1251215"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251222",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251232",
"url": "https://bugzilla.suse.com/1251232"
},
{
"category": "self",
"summary": "SUSE Bug 1251233",
"url": "https://bugzilla.suse.com/1251233"
},
{
"category": "self",
"summary": "SUSE Bug 1251247",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "self",
"summary": "SUSE Bug 1251268",
"url": "https://bugzilla.suse.com/1251268"
},
{
"category": "self",
"summary": "SUSE Bug 1251269",
"url": "https://bugzilla.suse.com/1251269"
},
{
"category": "self",
"summary": "SUSE Bug 1251270",
"url": "https://bugzilla.suse.com/1251270"
},
{
"category": "self",
"summary": "SUSE Bug 1251282",
"url": "https://bugzilla.suse.com/1251282"
},
{
"category": "self",
"summary": "SUSE Bug 1251283",
"url": "https://bugzilla.suse.com/1251283"
},
{
"category": "self",
"summary": "SUSE Bug 1251286",
"url": "https://bugzilla.suse.com/1251286"
},
{
"category": "self",
"summary": "SUSE Bug 1251290",
"url": "https://bugzilla.suse.com/1251290"
},
{
"category": "self",
"summary": "SUSE Bug 1251319",
"url": "https://bugzilla.suse.com/1251319"
},
{
"category": "self",
"summary": "SUSE Bug 1251321",
"url": "https://bugzilla.suse.com/1251321"
},
{
"category": "self",
"summary": "SUSE Bug 1251323",
"url": "https://bugzilla.suse.com/1251323"
},
{
"category": "self",
"summary": "SUSE Bug 1251328",
"url": "https://bugzilla.suse.com/1251328"
},
{
"category": "self",
"summary": "SUSE Bug 1251529",
"url": "https://bugzilla.suse.com/1251529"
},
{
"category": "self",
"summary": "SUSE Bug 1251721",
"url": "https://bugzilla.suse.com/1251721"
},
{
"category": "self",
"summary": "SUSE Bug 1251732",
"url": "https://bugzilla.suse.com/1251732"
},
{
"category": "self",
"summary": "SUSE Bug 1251742",
"url": "https://bugzilla.suse.com/1251742"
},
{
"category": "self",
"summary": "SUSE Bug 1251743",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "self",
"summary": "SUSE Bug 1251746",
"url": "https://bugzilla.suse.com/1251746"
},
{
"category": "self",
"summary": "SUSE Bug 1251748",
"url": "https://bugzilla.suse.com/1251748"
},
{
"category": "self",
"summary": "SUSE Bug 1251749",
"url": "https://bugzilla.suse.com/1251749"
},
{
"category": "self",
"summary": "SUSE Bug 1251750",
"url": "https://bugzilla.suse.com/1251750"
},
{
"category": "self",
"summary": "SUSE Bug 1251754",
"url": "https://bugzilla.suse.com/1251754"
},
{
"category": "self",
"summary": "SUSE Bug 1251755",
"url": "https://bugzilla.suse.com/1251755"
},
{
"category": "self",
"summary": "SUSE Bug 1251756",
"url": "https://bugzilla.suse.com/1251756"
},
{
"category": "self",
"summary": "SUSE Bug 1251758",
"url": "https://bugzilla.suse.com/1251758"
},
{
"category": "self",
"summary": "SUSE Bug 1251759",
"url": "https://bugzilla.suse.com/1251759"
},
{
"category": "self",
"summary": "SUSE Bug 1251760",
"url": "https://bugzilla.suse.com/1251760"
},
{
"category": "self",
"summary": "SUSE Bug 1251762",
"url": "https://bugzilla.suse.com/1251762"
},
{
"category": "self",
"summary": "SUSE Bug 1251763",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "self",
"summary": "SUSE Bug 1251764",
"url": "https://bugzilla.suse.com/1251764"
},
{
"category": "self",
"summary": "SUSE Bug 1251769",
"url": "https://bugzilla.suse.com/1251769"
},
{
"category": "self",
"summary": "SUSE Bug 1251771",
"url": "https://bugzilla.suse.com/1251771"
},
{
"category": "self",
"summary": "SUSE Bug 1251772",
"url": "https://bugzilla.suse.com/1251772"
},
{
"category": "self",
"summary": "SUSE Bug 1251777",
"url": "https://bugzilla.suse.com/1251777"
},
{
"category": "self",
"summary": "SUSE Bug 1251780",
"url": "https://bugzilla.suse.com/1251780"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1251967",
"url": "https://bugzilla.suse.com/1251967"
},
{
"category": "self",
"summary": "SUSE Bug 1252033",
"url": "https://bugzilla.suse.com/1252033"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252044",
"url": "https://bugzilla.suse.com/1252044"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252060",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "self",
"summary": "SUSE Bug 1252062",
"url": "https://bugzilla.suse.com/1252062"
},
{
"category": "self",
"summary": "SUSE Bug 1252064",
"url": "https://bugzilla.suse.com/1252064"
},
{
"category": "self",
"summary": "SUSE Bug 1252065",
"url": "https://bugzilla.suse.com/1252065"
},
{
"category": "self",
"summary": "SUSE Bug 1252069",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "self",
"summary": "SUSE Bug 1252070",
"url": "https://bugzilla.suse.com/1252070"
},
{
"category": "self",
"summary": "SUSE Bug 1252072",
"url": "https://bugzilla.suse.com/1252072"
},
{
"category": "self",
"summary": "SUSE Bug 1252074",
"url": "https://bugzilla.suse.com/1252074"
},
{
"category": "self",
"summary": "SUSE Bug 1252075",
"url": "https://bugzilla.suse.com/1252075"
},
{
"category": "self",
"summary": "SUSE Bug 1252078",
"url": "https://bugzilla.suse.com/1252078"
},
{
"category": "self",
"summary": "SUSE Bug 1252079",
"url": "https://bugzilla.suse.com/1252079"
},
{
"category": "self",
"summary": "SUSE Bug 1252082",
"url": "https://bugzilla.suse.com/1252082"
},
{
"category": "self",
"summary": "SUSE Bug 1252083",
"url": "https://bugzilla.suse.com/1252083"
},
{
"category": "self",
"summary": "SUSE Bug 1252236",
"url": "https://bugzilla.suse.com/1252236"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252332",
"url": "https://bugzilla.suse.com/1252332"
},
{
"category": "self",
"summary": "SUSE Bug 1252336",
"url": "https://bugzilla.suse.com/1252336"
},
{
"category": "self",
"summary": "SUSE Bug 1252346",
"url": "https://bugzilla.suse.com/1252346"
},
{
"category": "self",
"summary": "SUSE Bug 1252348",
"url": "https://bugzilla.suse.com/1252348"
},
{
"category": "self",
"summary": "SUSE Bug 1252349",
"url": "https://bugzilla.suse.com/1252349"
},
{
"category": "self",
"summary": "SUSE Bug 1252364",
"url": "https://bugzilla.suse.com/1252364"
},
{
"category": "self",
"summary": "SUSE Bug 1252479",
"url": "https://bugzilla.suse.com/1252479"
},
{
"category": "self",
"summary": "SUSE Bug 1252481",
"url": "https://bugzilla.suse.com/1252481"
},
{
"category": "self",
"summary": "SUSE Bug 1252489",
"url": "https://bugzilla.suse.com/1252489"
},
{
"category": "self",
"summary": "SUSE Bug 1252490",
"url": "https://bugzilla.suse.com/1252490"
},
{
"category": "self",
"summary": "SUSE Bug 1252492",
"url": "https://bugzilla.suse.com/1252492"
},
{
"category": "self",
"summary": "SUSE Bug 1252495",
"url": "https://bugzilla.suse.com/1252495"
},
{
"category": "self",
"summary": "SUSE Bug 1252496",
"url": "https://bugzilla.suse.com/1252496"
},
{
"category": "self",
"summary": "SUSE Bug 1252499",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "self",
"summary": "SUSE Bug 1252534",
"url": "https://bugzilla.suse.com/1252534"
},
{
"category": "self",
"summary": "SUSE Bug 1252536",
"url": "https://bugzilla.suse.com/1252536"
},
{
"category": "self",
"summary": "SUSE Bug 1252537",
"url": "https://bugzilla.suse.com/1252537"
},
{
"category": "self",
"summary": "SUSE Bug 1252550",
"url": "https://bugzilla.suse.com/1252550"
},
{
"category": "self",
"summary": "SUSE Bug 1252553",
"url": "https://bugzilla.suse.com/1252553"
},
{
"category": "self",
"summary": "SUSE Bug 1252559",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "self",
"summary": "SUSE Bug 1252561",
"url": "https://bugzilla.suse.com/1252561"
},
{
"category": "self",
"summary": "SUSE Bug 1252564",
"url": "https://bugzilla.suse.com/1252564"
},
{
"category": "self",
"summary": "SUSE Bug 1252565",
"url": "https://bugzilla.suse.com/1252565"
},
{
"category": "self",
"summary": "SUSE Bug 1252566",
"url": "https://bugzilla.suse.com/1252566"
},
{
"category": "self",
"summary": "SUSE Bug 1252632",
"url": "https://bugzilla.suse.com/1252632"
},
{
"category": "self",
"summary": "SUSE Bug 1252668",
"url": "https://bugzilla.suse.com/1252668"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1252679",
"url": "https://bugzilla.suse.com/1252679"
},
{
"category": "self",
"summary": "SUSE Bug 1252685",
"url": "https://bugzilla.suse.com/1252685"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252772",
"url": "https://bugzilla.suse.com/1252772"
},
{
"category": "self",
"summary": "SUSE Bug 1252774",
"url": "https://bugzilla.suse.com/1252774"
},
{
"category": "self",
"summary": "SUSE Bug 1252775",
"url": "https://bugzilla.suse.com/1252775"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252787",
"url": "https://bugzilla.suse.com/1252787"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252797",
"url": "https://bugzilla.suse.com/1252797"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252826",
"url": "https://bugzilla.suse.com/1252826"
},
{
"category": "self",
"summary": "SUSE Bug 1252841",
"url": "https://bugzilla.suse.com/1252841"
},
{
"category": "self",
"summary": "SUSE Bug 1252848",
"url": "https://bugzilla.suse.com/1252848"
},
{
"category": "self",
"summary": "SUSE Bug 1252849",
"url": "https://bugzilla.suse.com/1252849"
},
{
"category": "self",
"summary": "SUSE Bug 1252850",
"url": "https://bugzilla.suse.com/1252850"
},
{
"category": "self",
"summary": "SUSE Bug 1252851",
"url": "https://bugzilla.suse.com/1252851"
},
{
"category": "self",
"summary": "SUSE Bug 1252854",
"url": "https://bugzilla.suse.com/1252854"
},
{
"category": "self",
"summary": "SUSE Bug 1252858",
"url": "https://bugzilla.suse.com/1252858"
},
{
"category": "self",
"summary": "SUSE Bug 1252865",
"url": "https://bugzilla.suse.com/1252865"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1252873",
"url": "https://bugzilla.suse.com/1252873"
},
{
"category": "self",
"summary": "SUSE Bug 1252902",
"url": "https://bugzilla.suse.com/1252902"
},
{
"category": "self",
"summary": "SUSE Bug 1252904",
"url": "https://bugzilla.suse.com/1252904"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE Bug 1252918",
"url": "https://bugzilla.suse.com/1252918"
},
{
"category": "self",
"summary": "SUSE Bug 1252939",
"url": "https://bugzilla.suse.com/1252939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53538 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53540 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53541 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53543 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53545 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53546 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53550 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53552 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53553 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53554 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53555 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53556 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53557 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53558 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53560 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53563 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53568 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53570 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53574 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53575 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53577 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53579 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53580 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53583 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53585 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53596 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53599 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53600 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53601 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53602 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53603 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53611 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53613 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53616 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53617 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53618 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53621 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53631 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53632 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53633 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53638 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53645 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53646 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53647 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53649 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53652 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53653 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53654 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53656 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53657 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53658 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53659 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53660 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53662 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53663 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53665 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53666 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53670 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53672 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53673 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53674 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53681 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53686 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53687 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53693 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53697 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53698 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53699 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53703 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53704 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53707 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53711 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53713 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53718 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53727 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53728 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53729 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53730 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53731 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39965 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39967 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39982 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39986 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40005 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-18T13:51:55Z",
"generator": {
"date": "2025-11-18T13:51:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4128-1",
"initial_release_date": "2025-11-18T13:51:55Z",
"revision_history": [
{
"date": "2025-11-18T13:51:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kernel-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "kernel-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"product_id": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"product_id": "kernel-azure-extra-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"product_id": "kernel-azure-optional-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"product_id": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"product": {
"name": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"product_id": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"product": {
"name": "kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"product_id": "kernel-source-azure-6.4.0-150600.8.55.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-azure-extra-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-azure-optional-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"product_id": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.55.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.55.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150600.8.55.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch"
},
"product_reference": "kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-6.4.0-150600.8.55.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch"
},
"product_reference": "kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64"
},
"product_reference": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
},
"product_reference": "reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53538"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: insert tree mod log move in push_node_left\n\nThere is a fairly unlikely race condition in tree mod log rewind that\ncan result in a kernel panic which has the following trace:\n\n [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002\n [530.618] #PF: supervisor read access in kernel mode\n [530.629] #PF: error_code(0x0000) - not-present page\n [530.641] PGD 0 P4D 0\n [530.647] Oops: 0000 [#1] SMP\n [530.654] CPU: 30 PID: 398973 Comm: below Kdump: loaded Tainted: G S O K 5.12.0-0_fbk13_clang_7455_gb24de3bdb045 #1\n [530.680] Hardware name: Quanta Mono Lake-M.2 SATA 1HY9U9Z001G/Mono Lake-M.2 SATA, BIOS F20_3A15 08/16/2017\n [530.703] RIP: 0010:__btrfs_map_block+0xaa/0xd00\n [530.755] RSP: 0018:ffffc9002c2f7600 EFLAGS: 00010246\n [530.767] RAX: ffffffffffffffea RBX: ffff888292e41000 RCX: f2702d8b8be15100\n [530.784] RDX: ffff88885fda6fb8 RSI: ffff88885fd973c8 RDI: ffff88885fd973c8\n [530.800] RBP: ffff888292e410d0 R08: ffffffff82fd7fd0 R09: 00000000fffeffff\n [530.816] R10: ffffffff82e57fd0 R11: ffffffff82e57d70 R12: 0000000000000000\n [530.832] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9002c2f76f0\n [530.848] FS: 00007f38d64af000(0000) GS:ffff88885fd80000(0000) knlGS:0000000000000000\n [530.866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [530.880] CR2: 0000000000000002 CR3: 00000002b6770004 CR4: 00000000003706e0\n [530.896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [530.912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [530.928] Call Trace:\n [530.934] ? btrfs_printk+0x13b/0x18c\n [530.943] ? btrfs_bio_counter_inc_blocked+0x3d/0x130\n [530.955] btrfs_map_bio+0x75/0x330\n [530.963] ? kmem_cache_alloc+0x12a/0x2d0\n [530.973] ? btrfs_submit_metadata_bio+0x63/0x100\n [530.984] btrfs_submit_metadata_bio+0xa4/0x100\n [530.995] submit_extent_page+0x30f/0x360\n [531.004] read_extent_buffer_pages+0x49e/0x6d0\n [531.015] ? submit_extent_page+0x360/0x360\n [531.025] btree_read_extent_buffer_pages+0x5f/0x150\n [531.037] read_tree_block+0x37/0x60\n [531.046] read_block_for_search+0x18b/0x410\n [531.056] btrfs_search_old_slot+0x198/0x2f0\n [531.066] resolve_indirect_ref+0xfe/0x6f0\n [531.076] ? ulist_alloc+0x31/0x60\n [531.084] ? kmem_cache_alloc_trace+0x12e/0x2b0\n [531.095] find_parent_nodes+0x720/0x1830\n [531.105] ? ulist_alloc+0x10/0x60\n [531.113] iterate_extent_inodes+0xea/0x370\n [531.123] ? btrfs_previous_extent_item+0x8f/0x110\n [531.134] ? btrfs_search_path_in_tree+0x240/0x240\n [531.146] iterate_inodes_from_logical+0x98/0xd0\n [531.157] ? btrfs_search_path_in_tree+0x240/0x240\n [531.168] btrfs_ioctl_logical_to_ino+0xd9/0x180\n [531.179] btrfs_ioctl+0xe2/0x2eb0\n\nThis occurs when logical inode resolution takes a tree mod log sequence\nnumber, and then while backref walking hits a rewind on a busy node\nwhich has the following sequence of tree mod log operations (numbers\nfilled in from a specific example, but they are somewhat arbitrary)\n\n REMOVE_WHILE_FREEING slot 532\n REMOVE_WHILE_FREEING slot 531\n REMOVE_WHILE_FREEING slot 530\n ...\n REMOVE_WHILE_FREEING slot 0\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n ADD slot 455\n ADD slot 454\n ADD slot 453\n ...\n ADD slot 0\n MOVE src slot 0 -\u003e dst slot 456 nritems 533\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n\nWhen this sequence gets applied via btrfs_tree_mod_log_rewind, it\nallocates a fresh rewind eb, and first inserts the correct key info for\nthe 533 elements, then overwrites the first 456 of them, then decrements\nthe count by 456 via the add ops, then rewinds the move by doing a\nmemmove from 456:988-\u003e0:532. We have never written anything past 532,\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53538",
"url": "https://www.suse.com/security/cve/CVE-2023-53538"
},
{
"category": "external",
"summary": "SUSE Bug 1251024 for CVE-2023-53538",
"url": "https://bugzilla.suse.com/1251024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53538"
},
{
"cve": "CVE-2023-53539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix incomplete state save in rxe_requester\n\nIf a send packet is dropped by the IP layer in rxe_requester()\nthe call to rxe_xmit_packet() can fail with err == -EAGAIN.\nTo recover, the state of the wqe is restored to the state before\nthe packet was sent so it can be resent. However, the routines\nthat save and restore the state miss a significnt part of the\nvariable state in the wqe, the dma struct which is used to process\nthrough the sge table. And, the state is not saved before the packet\nis built which modifies the dma struct.\n\nUnder heavy stress testing with many QPs on a fast node sending\nlarge messages to a slow node dropped packets are observed and\nthe resent packets are corrupted because the dma struct was not\nrestored. This patch fixes this behavior and allows the test cases\nto succeed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53539",
"url": "https://www.suse.com/security/cve/CVE-2023-53539"
},
{
"category": "external",
"summary": "SUSE Bug 1251060 for CVE-2023-53539",
"url": "https://bugzilla.suse.com/1251060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53539"
},
{
"cve": "CVE-2023-53540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something\u0027s wrong. Reject such connections so we don\u0027t\ntry and fail later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53540",
"url": "https://www.suse.com/security/cve/CVE-2023-53540"
},
{
"category": "external",
"summary": "SUSE Bug 1251053 for CVE-2023-53540",
"url": "https://bugzilla.suse.com/1251053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53540"
},
{
"cve": "CVE-2023-53541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53541"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53541",
"url": "https://www.suse.com/security/cve/CVE-2023-53541"
},
{
"category": "external",
"summary": "SUSE Bug 1251043 for CVE-2023-53541",
"url": "https://bugzilla.suse.com/1251043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53541"
},
{
"cve": "CVE-2023-53543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53543"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa max vqp attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53543",
"url": "https://www.suse.com/security/cve/CVE-2023-53543"
},
{
"category": "external",
"summary": "SUSE Bug 1251083 for CVE-2023-53543",
"url": "https://bugzilla.suse.com/1251083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53543"
},
{
"cve": "CVE-2023-53545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv-\u003ecsa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097] \u003cTASK\u003e\n[14616.937102] amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187] drm_file_free+0x1d6/0x300 [drm]\n[14616.937207] drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220] drm_release+0x5e/0x100 [drm]\n[14616.937234] __fput+0x9f/0x280\n[14616.937239] ____fput+0xe/0x20\n[14616.937241] task_work_run+0x61/0x90\n[14616.937246] exit_to_user_mode_prepare+0x215/0x220\n[14616.937251] syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254] do_syscall_64+0x48/0x90\n[14616.937257] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53545",
"url": "https://www.suse.com/security/cve/CVE-2023-53545"
},
{
"category": "external",
"summary": "SUSE Bug 1251084 for CVE-2023-53545",
"url": "https://bugzilla.suse.com/1251084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53545"
},
{
"cve": "CVE-2023-53546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx\n\nwhen mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory\npointed by \u0027in\u0027 is not released, which will cause memory leak. Move memory\nrelease after mlx5_cmd_exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53546",
"url": "https://www.suse.com/security/cve/CVE-2023-53546"
},
{
"category": "external",
"summary": "SUSE Bug 1251079 for CVE-2023-53546",
"url": "https://bugzilla.suse.com/1251079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53546"
},
{
"cve": "CVE-2023-53548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53548",
"url": "https://www.suse.com/security/cve/CVE-2023-53548"
},
{
"category": "external",
"summary": "SUSE Bug 1251066 for CVE-2023-53548",
"url": "https://bugzilla.suse.com/1251066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53548"
},
{
"cve": "CVE-2023-53550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53550"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix global sysfs attribute type\n\nIn commit 3666062b87ec (\"cpufreq: amd-pstate: move to use bus_get_dev_root()\")\nthe \"amd_pstate\" attributes where moved from a dedicated kobject to the\ncpu root kobject.\n\nWhile the dedicated kobject expects to contain kobj_attributes the root\nkobject needs device_attributes.\n\nAs the changed arguments are not used by the callbacks it works most of\nthe time.\nHowever CFI will detect this issue:\n\n[ 4947.849350] CFI failure at dev_attr_show+0x24/0x60 (target: show_status+0x0/0x70; expected type: 0x8651b1de)\n...\n[ 4947.849409] Call Trace:\n[ 4947.849410] \u003cTASK\u003e\n[ 4947.849411] ? __warn+0xcf/0x1c0\n[ 4947.849414] ? dev_attr_show+0x24/0x60\n[ 4947.849415] ? report_cfi_failure+0x4e/0x60\n[ 4947.849417] ? handle_cfi_failure+0x14c/0x1d0\n[ 4947.849419] ? __cfi_show_status+0x10/0x10\n[ 4947.849420] ? handle_bug+0x4f/0x90\n[ 4947.849421] ? exc_invalid_op+0x1a/0x60\n[ 4947.849422] ? asm_exc_invalid_op+0x1a/0x20\n[ 4947.849424] ? __cfi_show_status+0x10/0x10\n[ 4947.849425] ? dev_attr_show+0x24/0x60\n[ 4947.849426] sysfs_kf_seq_show+0xa6/0x110\n[ 4947.849433] seq_read_iter+0x16c/0x4b0\n[ 4947.849436] vfs_read+0x272/0x2d0\n[ 4947.849438] ksys_read+0x72/0xe0\n[ 4947.849439] do_syscall_64+0x76/0xb0\n[ 4947.849440] ? do_user_addr_fault+0x252/0x650\n[ 4947.849442] ? exc_page_fault+0x7a/0x1b0\n[ 4947.849443] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53550",
"url": "https://www.suse.com/security/cve/CVE-2023-53550"
},
{
"category": "external",
"summary": "SUSE Bug 1251071 for CVE-2023-53550",
"url": "https://bugzilla.suse.com/1251071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53550"
},
{
"cve": "CVE-2023-53552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: mark requests for GuC virtual engines to avoid use-after-free\n\nReferences to i915_requests may be trapped by userspace inside a\nsync_file or dmabuf (dma-resv) and held indefinitely across different\nproceses. To counter-act the memory leaks, we try to not to keep\nreferences from the request past their completion.\nOn the other side on fence release we need to know if rq-\u003eengine\nis valid and points to hw engine (true for non-virtual requests).\nTo make it possible extra bit has been added to rq-\u003eexecution_mask,\nfor marking virtual engines.\n\n(cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53552",
"url": "https://www.suse.com/security/cve/CVE-2023-53552"
},
{
"category": "external",
"summary": "SUSE Bug 1251065 for CVE-2023-53552",
"url": "https://bugzilla.suse.com/1251065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2023-53553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n from drivers/hid/hid-hyperv.c:8:\nIn function \u0027fortify_memcpy_chk\u0027,\n inlined from \u0027mousevsc_on_receive\u0027 at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 583 | __write_overflow_field(p_size_field, size);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53553",
"url": "https://www.suse.com/security/cve/CVE-2023-53553"
},
{
"category": "external",
"summary": "SUSE Bug 1251068 for CVE-2023-53553",
"url": "https://bugzilla.suse.com/1251068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53553"
},
{
"cve": "CVE-2023-53554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()\n\nThe \"exc-\u003ekey_len\" is a u16 that comes from the user. If it\u0027s over\nIW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53554",
"url": "https://www.suse.com/security/cve/CVE-2023-53554"
},
{
"category": "external",
"summary": "SUSE Bug 1251057 for CVE-2023-53554",
"url": "https://bugzilla.suse.com/1251057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53554"
},
{
"cve": "CVE-2023-53555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: initialize damo_filter-\u003elist from damos_new_filter()\n\ndamos_new_filter() is not initializing the list field of newly allocated\nfilter object. However, DAMON sysfs interface and DAMON_RECLAIM are not\ninitializing it after calling damos_new_filter(). As a result, accessing\nuninitialized memory is possible. Actually, adding multiple DAMOS filters\nvia DAMON sysfs interface caused NULL pointer dereferencing. Initialize\nthe field just after the allocation from damos_new_filter().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53555",
"url": "https://www.suse.com/security/cve/CVE-2023-53555"
},
{
"category": "external",
"summary": "SUSE Bug 1251056 for CVE-2023-53555",
"url": "https://bugzilla.suse.com/1251056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53555"
},
{
"cve": "CVE-2023-53556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix use-after-free in free_netdev\n\nWe do netif_napi_add() for all allocated q_vectors[], but potentially\ndo netif_napi_del() for part of them, then kfree q_vectors and leave\ninvalid pointers at dev-\u003enapi_list.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 4093.900222] ==================================================================\n[ 4093.900230] BUG: KASAN: use-after-free in free_netdev+0x308/0x390\n[ 4093.900232] Read of size 8 at addr ffff88b4dc145640 by task repro.sh/6699\n[ 4093.900233]\n[ 4093.900236] CPU: 10 PID: 6699 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 4093.900238] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 4093.900239] Call Trace:\n[ 4093.900244] dump_stack+0x71/0xab\n[ 4093.900249] print_address_description+0x6b/0x290\n[ 4093.900251] ? free_netdev+0x308/0x390\n[ 4093.900252] kasan_report+0x14a/0x2b0\n[ 4093.900254] free_netdev+0x308/0x390\n[ 4093.900261] iavf_remove+0x825/0xd20 [iavf]\n[ 4093.900265] pci_device_remove+0xa8/0x1f0\n[ 4093.900268] device_release_driver_internal+0x1c6/0x460\n[ 4093.900271] pci_stop_bus_device+0x101/0x150\n[ 4093.900273] pci_stop_and_remove_bus_device+0xe/0x20\n[ 4093.900275] pci_iov_remove_virtfn+0x187/0x420\n[ 4093.900277] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 4093.900278] ? pci_get_subsys+0x90/0x90\n[ 4093.900280] sriov_disable+0xed/0x3e0\n[ 4093.900282] ? bus_find_device+0x12d/0x1a0\n[ 4093.900290] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 4093.900298] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 4093.900299] ? pci_get_device+0x7c/0x90\n[ 4093.900300] ? pci_get_subsys+0x90/0x90\n[ 4093.900306] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 4093.900309] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900315] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 4093.900318] sriov_numvfs_store+0x214/0x290\n[ 4093.900320] ? sriov_totalvfs_show+0x30/0x30\n[ 4093.900321] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900323] ? __check_object_size+0x15a/0x350\n[ 4093.900326] kernfs_fop_write+0x280/0x3f0\n[ 4093.900329] vfs_write+0x145/0x440\n[ 4093.900330] ksys_write+0xab/0x160\n[ 4093.900332] ? __ia32_sys_read+0xb0/0xb0\n[ 4093.900334] ? fput_many+0x1a/0x120\n[ 4093.900335] ? filp_close+0xf0/0x130\n[ 4093.900338] do_syscall_64+0xa0/0x370\n[ 4093.900339] ? page_fault+0x8/0x30\n[ 4093.900341] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 4093.900357] RIP: 0033:0x7f16ad4d22c0\n[ 4093.900359] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe dd 01 00 48 89 04 24\n[ 4093.900360] RSP: 002b:00007ffd6491b7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 4093.900362] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f16ad4d22c0\n[ 4093.900363] RDX: 0000000000000002 RSI: 0000000001a41408 RDI: 0000000000000001\n[ 4093.900364] RBP: 0000000001a41408 R08: 00007f16ad7a1780 R09: 00007f16ae1f2700\n[ 4093.9003\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53556",
"url": "https://www.suse.com/security/cve/CVE-2023-53556"
},
{
"category": "external",
"summary": "SUSE Bug 1251059 for CVE-2023-53556",
"url": "https://bugzilla.suse.com/1251059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53556"
},
{
"cve": "CVE-2023-53557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfprobe: Release rethook after the ftrace_ops is unregistered\n\nWhile running bpf selftests it\u0027s possible to get following fault:\n\n general protection fault, probably for non-canonical address \\\n 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n ...\n Call Trace:\n \u003cTASK\u003e\n fprobe_handler+0xc1/0x270\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_testmod_init+0x22/0x80\n ? do_one_initcall+0x63/0x2e0\n ? rcu_is_watching+0xd/0x40\n ? kmalloc_trace+0xaf/0xc0\n ? do_init_module+0x60/0x250\n ? __do_sys_finit_module+0xac/0x120\n ? do_syscall_64+0x37/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n \u003c/TASK\u003e\n\nIn unregister_fprobe function we can\u0027t release fp-\u003erethook while it\u0027s\npossible there are some of its users still running on another cpu.\n\nMoving rethook_free call after fp-\u003eops is unregistered with\nunregister_ftrace_function call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53557",
"url": "https://www.suse.com/security/cve/CVE-2023-53557"
},
{
"category": "external",
"summary": "SUSE Bug 1251054 for CVE-2023-53557",
"url": "https://bugzilla.suse.com/1251054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53557"
},
{
"cve": "CVE-2023-53558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] \u003cTASK\u003e\n[ 0.206491] dump_stack_lvl+0x6a/0x9f\n[ 0.206493] __lock_acquire.cold+0x2d7/0x2fe\n[ 0.206496] ? stack_trace_save+0x46/0x70\n[ 0.206497] lock_acquire+0xd1/0x2f0\n[ 0.206499] ? serial8250_console_write+0x327/0x4a0\n[ 0.206500] ? __lock_acquire+0x5c7/0x2720\n[ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90\n[ 0.206504] ? serial8250_console_write+0x327/0x4a0\n[ 0.206506] serial8250_console_write+0x327/0x4a0\n[ 0.206508] console_emit_next_record.constprop.0+0x180/0x330\n[ 0.206511] console_unlock+0xf7/0x1f0\n[ 0.206512] vprintk_emit+0xf7/0x330\n[ 0.206514] _printk+0x63/0x7e\n[ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32\n[ 0.206518] rcu_init_tasks_generic+0x5/0xd9\n[ 0.206522] kernel_init_freeable+0x15b/0x2a2\n[ 0.206523] ? rest_init+0x160/0x160\n[ 0.206526] kernel_init+0x11/0x120\n[ 0.206527] ret_from_fork+0x1f/0x30\n[ 0.206530] \u003c/TASK\u003e\n[ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53558",
"url": "https://www.suse.com/security/cve/CVE-2023-53558"
},
{
"category": "external",
"summary": "SUSE Bug 1251081 for CVE-2023-53558",
"url": "https://bugzilla.suse.com/1251081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53558"
},
{
"cve": "CVE-2023-53559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_vti: fix potential slab-use-after-free in decode_session6\n\nWhen ip_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ip_vti device sends IPv6 packets.\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53559",
"url": "https://www.suse.com/security/cve/CVE-2023-53559"
},
{
"category": "external",
"summary": "SUSE Bug 1251052 for CVE-2023-53559",
"url": "https://bugzilla.suse.com/1251052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53559"
},
{
"cve": "CVE-2023-53560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Add histograms to hist_vars if they have referenced variables\n\nHist triggers can have referenced variables without having direct\nvariables fields. This can be the case if referenced variables are added\nfor trigger actions. In this case the newly added references will not\nhave field variables. Not taking such referenced variables into\nconsideration can result in a bug where it would be possible to remove\nhist trigger with variables being refenced. This will result in a bug\nthat is easily reproducable like so\n\n$ cd /sys/kernel/tracing\n$ echo \u0027synthetic_sys_enter char[] comm; long id\u0027 \u003e\u003e synthetic_events\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n\n[ 100.263533] ==================================================================\n[ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180\n[ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439\n[ 100.266320]\n[ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4\n[ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n[ 100.268561] Call Trace:\n[ 100.268902] \u003cTASK\u003e\n[ 100.269189] dump_stack_lvl+0x4c/0x70\n[ 100.269680] print_report+0xc5/0x600\n[ 100.270165] ? resolve_var_refs+0xc7/0x180\n[ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0\n[ 100.271389] ? resolve_var_refs+0xc7/0x180\n[ 100.271913] kasan_report+0xbd/0x100\n[ 100.272380] ? resolve_var_refs+0xc7/0x180\n[ 100.272920] __asan_load8+0x71/0xa0\n[ 100.273377] resolve_var_refs+0xc7/0x180\n[ 100.273888] event_hist_trigger+0x749/0x860\n[ 100.274505] ? kasan_save_stack+0x2a/0x50\n[ 100.275024] ? kasan_set_track+0x29/0x40\n[ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10\n[ 100.276138] ? ksys_write+0xd1/0x170\n[ 100.276607] ? do_syscall_64+0x3c/0x90\n[ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.277771] ? destroy_hist_data+0x446/0x470\n[ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860\n[ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10\n[ 100.279627] ? __kasan_check_write+0x18/0x20\n[ 100.280177] ? mutex_unlock+0x85/0xd0\n[ 100.280660] ? __pfx_mutex_unlock+0x10/0x10\n[ 100.281200] ? kfree+0x7b/0x120\n[ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0\n[ 100.282197] ? event_trigger_write+0xac/0x100\n[ 100.282764] ? __kasan_slab_free+0x16/0x20\n[ 100.283293] ? __kmem_cache_free+0x153/0x2f0\n[ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250\n[ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10\n[ 100.285221] ? event_trigger_write+0xbc/0x100\n[ 100.285781] ? __kasan_check_read+0x15/0x20\n[ 100.286321] ? __bitmap_weight+0x66/0xa0\n[ 100.286833] ? _find_next_bit+0x46/0xe0\n[ 100.287334] ? task_mm_cid_work+0x37f/0x450\n[ 100.287872] event_triggers_call+0x84/0x150\n[ 100.288408] trace_event_buffer_commit+0x339/0x430\n[ 100.289073] ? ring_buffer_event_data+0x3f/0x60\n[ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0\n[ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0\n[ 100.298653] syscall_enter_from_user_mode+0x32/0x40\n[ 100.301808] do_syscall_64+0x1a/0x90\n[ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.307775] RIP: 0033:0x7f686c75c1cb\n[ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48\n[ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021\n[ 100.321200] RA\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53560",
"url": "https://www.suse.com/security/cve/CVE-2023-53560"
},
{
"category": "external",
"summary": "SUSE Bug 1251045 for CVE-2023-53560",
"url": "https://bugzilla.suse.com/1251045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53560"
},
{
"cve": "CVE-2023-53563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate-ut: Fix kernel panic when loading the driver\n\nAfter loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()\nand amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy\nof the CPU and mark it as busy.\n\nIn these functions, cpufreq_cpu_put() should be used to release the\npolicy, but it is not, so any other entity trying to access the policy\nis blocked indefinitely.\n\nOne such scenario is when amd_pstate mode is changed, leading to the\nfollowing splat:\n\n[ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.\n[ 1332.110001] Not tainted 6.5.0-rc2-amd-pstate-ut #5\n[ 1332.115315] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 1332.123140] task:bash state:D stack:0 pid:2929 ppid:2873 flags:0x00004006\n[ 1332.123143] Call Trace:\n[ 1332.123145] \u003cTASK\u003e\n[ 1332.123148] __schedule+0x3c1/0x16a0\n[ 1332.123154] ? _raw_read_lock_irqsave+0x2d/0x70\n[ 1332.123157] schedule+0x6f/0x110\n[ 1332.123160] schedule_timeout+0x14f/0x160\n[ 1332.123162] ? preempt_count_add+0x86/0xd0\n[ 1332.123165] __wait_for_common+0x92/0x190\n[ 1332.123168] ? __pfx_schedule_timeout+0x10/0x10\n[ 1332.123170] wait_for_completion+0x28/0x30\n[ 1332.123173] cpufreq_policy_put_kobj+0x4d/0x90\n[ 1332.123177] cpufreq_policy_free+0x157/0x1d0\n[ 1332.123178] ? preempt_count_add+0x58/0xd0\n[ 1332.123180] cpufreq_remove_dev+0xb6/0x100\n[ 1332.123182] subsys_interface_unregister+0x114/0x120\n[ 1332.123185] ? preempt_count_add+0x58/0xd0\n[ 1332.123187] ? __pfx_amd_pstate_change_driver_mode+0x10/0x10\n[ 1332.123190] cpufreq_unregister_driver+0x3b/0xd0\n[ 1332.123192] amd_pstate_change_driver_mode+0x1e/0x50\n[ 1332.123194] store_status+0xe9/0x180\n[ 1332.123197] dev_attr_store+0x1b/0x30\n[ 1332.123199] sysfs_kf_write+0x42/0x50\n[ 1332.123202] kernfs_fop_write_iter+0x143/0x1d0\n[ 1332.123204] vfs_write+0x2df/0x400\n[ 1332.123208] ksys_write+0x6b/0xf0\n[ 1332.123210] __x64_sys_write+0x1d/0x30\n[ 1332.123213] do_syscall_64+0x60/0x90\n[ 1332.123216] ? fpregs_assert_state_consistent+0x2e/0x50\n[ 1332.123219] ? exit_to_user_mode_prepare+0x49/0x1a0\n[ 1332.123223] ? irqentry_exit_to_user_mode+0xd/0x20\n[ 1332.123225] ? irqentry_exit+0x3f/0x50\n[ 1332.123226] ? exc_page_fault+0x8e/0x190\n[ 1332.123228] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 1332.123232] RIP: 0033:0x7fa74c514a37\n[ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37\n[ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001\n[ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff\n[ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008\n[ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00\n[ 1332.123247] \u003c/TASK\u003e\n\nFix this by calling cpufreq_cpu_put() wherever necessary.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53563",
"url": "https://www.suse.com/security/cve/CVE-2023-53563"
},
{
"category": "external",
"summary": "SUSE Bug 1251038 for CVE-2023-53563",
"url": "https://bugzilla.suse.com/1251038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53563"
},
{
"cve": "CVE-2023-53568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53568",
"url": "https://www.suse.com/security/cve/CVE-2023-53568"
},
{
"category": "external",
"summary": "SUSE Bug 1251035 for CVE-2023-53568",
"url": "https://bugzilla.suse.com/1251035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53568"
},
{
"cve": "CVE-2023-53570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53570"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()\n\nnl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the\nnumber of MBSSID elements in the nested netlink attribute attrs, which can\nlead to an integer overflow if a user of the nl80211 interface specifies\n256 or more elements in the corresponding attribute in userspace. The\ninteger overflow can lead to a heap buffer overflow as num_elems determines\nthe size of the trailing array in elems, and this array is thereafter\nwritten to for each element in attrs.\n\nNote that this vulnerability only affects devices with the\nwiphy-\u003embssid_max_interfaces member set for the wireless physical device\nstruct in the device driver, and can only be triggered by a process with\nCAP_NET_ADMIN capabilities.\n\nFix this by checking for a maximum of 255 elements in attrs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53570",
"url": "https://www.suse.com/security/cve/CVE-2023-53570"
},
{
"category": "external",
"summary": "SUSE Bug 1251031 for CVE-2023-53570",
"url": "https://bugzilla.suse.com/1251031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53570"
},
{
"cve": "CVE-2023-53572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: scu: use _safe list iterator to avoid a use after free\n\nThis loop is freeing \"clk\" so it needs to use list_for_each_entry_safe().\nOtherwise it dereferences a freed variable to get the next item on the\nloop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53572",
"url": "https://www.suse.com/security/cve/CVE-2023-53572"
},
{
"category": "external",
"summary": "SUSE Bug 1251027 for CVE-2023-53572",
"url": "https://bugzilla.suse.com/1251027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53572"
},
{
"cve": "CVE-2023-53574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53574",
"url": "https://www.suse.com/security/cve/CVE-2023-53574"
},
{
"category": "external",
"summary": "SUSE Bug 1251222 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "external",
"summary": "SUSE Bug 1251984 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2023-53574"
},
{
"cve": "CVE-2023-53575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53575"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential array out of bounds access\n\nAccount for IWL_SEC_WEP_KEY_OFFSET when needed while verifying\nkey_len size in iwl_mvm_sec_key_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53575",
"url": "https://www.suse.com/security/cve/CVE-2023-53575"
},
{
"category": "external",
"summary": "SUSE Bug 1251067 for CVE-2023-53575",
"url": "https://bugzilla.suse.com/1251067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53575"
},
{
"cve": "CVE-2023-53577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n ------------[ cut here ]------------\n WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events cpu_map_kthread_stop\n RIP: 0010:put_cpu_map_entry+0xda/0x220\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ......\n ? put_cpu_map_entry+0xda/0x220\n cpu_map_kthread_stop+0x41/0x60\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn\u0027t call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53577",
"url": "https://www.suse.com/security/cve/CVE-2023-53577"
},
{
"category": "external",
"summary": "SUSE Bug 1251028 for CVE-2023-53577",
"url": "https://bugzilla.suse.com/1251028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53577"
},
{
"cve": "CVE-2023-53579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix irq domain leak\n\nUwe Kleine-Knig pointed out we still have one resource leak in the mvebu\ndriver triggered on driver detach. Let\u0027s address it with a custom devm\naction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53579",
"url": "https://www.suse.com/security/cve/CVE-2023-53579"
},
{
"category": "external",
"summary": "SUSE Bug 1251170 for CVE-2023-53579",
"url": "https://bugzilla.suse.com/1251170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53579"
},
{
"cve": "CVE-2023-53580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: Gadget: core: Help prevent panic during UVC unconfigure\n\nAvichal Rakesh reported a kernel panic that occurred when the UVC\ngadget driver was removed from a gadget\u0027s configuration. The panic\ninvolves a somewhat complicated interaction between the kernel driver\nand a userspace component (as described in the Link tag below), but\nthe analysis did make one thing clear: The Gadget core should\naccomodate gadget drivers calling usb_gadget_deactivate() as part of\ntheir unbind procedure.\n\nCurrently this doesn\u0027t work. gadget_unbind_driver() calls\ndriver-\u003eunbind() while holding the udc-\u003econnect_lock mutex, and\nusb_gadget_deactivate() attempts to acquire that mutex, which will\nresult in a deadlock.\n\nThe simple fix is for gadget_unbind_driver() to release the mutex when\ninvoking the -\u003eunbind() callback. There is no particular reason for\nit to be holding the mutex at that time, and the mutex isn\u0027t held\nwhile the -\u003ebind() callback is invoked. So we\u0027ll drop the mutex\nbefore performing the unbind callback and reacquire it afterward.\n\nWe\u0027ll also add a couple of comments to usb_gadget_activate() and\nusb_gadget_deactivate(). Because they run in process context they\nmust not be called from a gadget driver\u0027s -\u003edisconnect() callback,\nwhich (according to the kerneldoc for struct usb_gadget_driver in\ninclude/linux/usb/gadget.h) may run in interrupt context. This may\nhelp prevent similar bugs from arising in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53580",
"url": "https://www.suse.com/security/cve/CVE-2023-53580"
},
{
"category": "external",
"summary": "SUSE Bug 1251105 for CVE-2023-53580",
"url": "https://bugzilla.suse.com/1251105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53580"
},
{
"cve": "CVE-2023-53581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Check for NOT_READY flag state after locking\n\nCurrently the check for NOT_READY flag is performed before obtaining the\nnecessary lock. This opens a possibility for race condition when the flow\nis concurrently removed from unready_flows list by the workqueue task,\nwhich causes a double-removal from the list and a crash[0]. Fix the issue\nby moving the flag check inside the section protected by\nuplink_priv-\u003eunready_flows_lock mutex.\n\n[0]:\n[44376.389654] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n[44376.391665] CPU: 7 PID: 59123 Comm: tc Not tainted 6.4.0-rc4+ #1\n[44376.392984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[44376.395342] RIP: 0010:mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.396857] Code: 00 48 8b b8 68 ce 02 00 e8 8a 4d 02 00 4c 8d a8 a8 01 00 00 4c 89 ef e8 8b 79 88 e1 48 8b 83 98 06 00 00 48 8b 93 90 06 00 00 \u003c48\u003e 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 83 90 06\n[44376.399167] RSP: 0018:ffff88812cc97570 EFLAGS: 00010246\n[44376.399680] RAX: dead000000000122 RBX: ffff8881088e3800 RCX: ffff8881881bac00\n[44376.400337] RDX: dead000000000100 RSI: ffff88812cc97500 RDI: ffff8881242f71b0\n[44376.401001] RBP: ffff88811cbb0940 R08: 0000000000000400 R09: 0000000000000001\n[44376.401663] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88812c944000\n[44376.402342] R13: ffff8881242f71a8 R14: ffff8881222b4000 R15: 0000000000000000\n[44376.402999] FS: 00007f0451104800(0000) GS:ffff88852cb80000(0000) knlGS:0000000000000000\n[44376.403787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[44376.404343] CR2: 0000000000489108 CR3: 0000000123a79003 CR4: 0000000000370ea0\n[44376.405004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[44376.405665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[44376.406339] Call Trace:\n[44376.406651] \u003cTASK\u003e\n[44376.406939] ? die_addr+0x33/0x90\n[44376.407311] ? exc_general_protection+0x192/0x390\n[44376.407795] ? asm_exc_general_protection+0x22/0x30\n[44376.408292] ? mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.408876] __mlx5e_tc_del_fdb_peer_flow+0xbc/0xe0 [mlx5_core]\n[44376.409482] mlx5e_tc_del_flow+0x42/0x210 [mlx5_core]\n[44376.410055] mlx5e_flow_put+0x25/0x50 [mlx5_core]\n[44376.410529] mlx5e_delete_flower+0x24b/0x350 [mlx5_core]\n[44376.411043] tc_setup_cb_reoffload+0x22/0x80\n[44376.411462] fl_reoffload+0x261/0x2f0 [cls_flower]\n[44376.411907] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.412481] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.413044] tcf_block_playback_offloads+0x76/0x170\n[44376.413497] tcf_block_unbind+0x7b/0xd0\n[44376.413881] tcf_block_setup+0x17d/0x1c0\n[44376.414269] tcf_block_offload_cmd.isra.0+0xf1/0x130\n[44376.414725] tcf_block_offload_unbind+0x43/0x70\n[44376.415153] __tcf_block_put+0x82/0x150\n[44376.415532] ingress_destroy+0x22/0x30 [sch_ingress]\n[44376.415986] qdisc_destroy+0x3b/0xd0\n[44376.416343] qdisc_graft+0x4d0/0x620\n[44376.416706] tc_get_qdisc+0x1c9/0x3b0\n[44376.417074] rtnetlink_rcv_msg+0x29c/0x390\n[44376.419978] ? rep_movs_alternative+0x3a/0xa0\n[44376.420399] ? rtnl_calcit.isra.0+0x120/0x120\n[44376.420813] netlink_rcv_skb+0x54/0x100\n[44376.421192] netlink_unicast+0x1f6/0x2c0\n[44376.421573] netlink_sendmsg+0x232/0x4a0\n[44376.421980] sock_sendmsg+0x38/0x60\n[44376.422328] ____sys_sendmsg+0x1d0/0x1e0\n[44376.422709] ? copy_msghdr_from_user+0x6d/0xa0\n[44376.423127] ___sys_sendmsg+0x80/0xc0\n[44376.423495] ? ___sys_recvmsg+0x8b/0xc0\n[44376.423869] __sys_sendmsg+0x51/0x90\n[44376.424226] do_syscall_64+0x3d/0x90\n[44376.424587] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[44376.425046] RIP: 0033:0x7f045134f887\n[44376.425403] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53581",
"url": "https://www.suse.com/security/cve/CVE-2023-53581"
},
{
"category": "external",
"summary": "SUSE Bug 1251106 for CVE-2023-53581",
"url": "https://bugzilla.suse.com/1251106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53581"
},
{
"cve": "CVE-2023-53583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()\n\nSince commit 096b52fd2bb4 (\"perf: RISC-V: throttle perf events\") the\nperf_sample_event_took() function was added to report time spent in\noverflow interrupts. If the interrupt takes too long, the perf framework\nwill lower the sysctl_perf_event_sample_rate and max_samples_per_tick.\nWhen hwc-\u003einterrupts is larger than max_samples_per_tick, the\nhwc-\u003einterrupts will be set to MAX_INTERRUPTS, and events will be\nthrottled within the __perf_event_account_interrupt() function.\n\nHowever, the RISC-V PMU driver doesn\u0027t call riscv_pmu_stop() to update the\nPERF_HES_STOPPED flag after perf_event_overflow() in pmu_sbi_ovf_handler()\nfunction to avoid throttling. When the perf framework unthrottled the event\nin the timer interrupt handler, it triggers riscv_pmu_start() function\nand causes a WARN_ON_ONCE() warning, as shown below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 240 at drivers/perf/riscv_pmu.c:184 riscv_pmu_start+0x7c/0x8e\n Modules linked in:\n CPU: 0 PID: 240 Comm: ls Not tainted 6.4-rc4-g19d0788e9ef2 #1\n Hardware name: SiFive (DT)\n epc : riscv_pmu_start+0x7c/0x8e\n ra : riscv_pmu_start+0x28/0x8e\n epc : ffffffff80aef864 ra : ffffffff80aef810 sp : ffff8f80004db6f0\n gp : ffffffff81c83750 tp : ffffaf80069f9bc0 t0 : ffff8f80004db6c0\n t1 : 0000000000000000 t2 : 000000000000001f s0 : ffff8f80004db720\n s1 : ffffaf8008ca1068 a0 : 0000ffffffffffff a1 : 0000000000000000\n a2 : 0000000000000001 a3 : 0000000000000870 a4 : 0000000000000000\n a5 : 0000000000000000 a6 : 0000000000000840 a7 : 0000000000000030\n s2 : 0000000000000000 s3 : ffffaf8005165800 s4 : ffffaf800424da00\n s5 : ffffffffffffffff s6 : ffffffff81cc7590 s7 : 0000000000000000\n s8 : 0000000000000006 s9 : 0000000000000001 s10: ffffaf807efbc340\n s11: ffffaf807efbbf00 t3 : ffffaf8006a16028 t4 : 00000000dbfbb796\n t5 : 0000000700000000 t6 : ffffaf8005269870\n status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003\n [\u003cffffffff80aef864\u003e] riscv_pmu_start+0x7c/0x8e\n [\u003cffffffff80185b56\u003e] perf_adjust_freq_unthr_context+0x15e/0x174\n [\u003cffffffff80188642\u003e] perf_event_task_tick+0x88/0x9c\n [\u003cffffffff800626a8\u003e] scheduler_tick+0xfe/0x27c\n [\u003cffffffff800b5640\u003e] update_process_times+0x9a/0xba\n [\u003cffffffff800c5bd4\u003e] tick_sched_handle+0x32/0x66\n [\u003cffffffff800c5e0c\u003e] tick_sched_timer+0x64/0xb0\n [\u003cffffffff800b5e50\u003e] __hrtimer_run_queues+0x156/0x2f4\n [\u003cffffffff800b6bdc\u003e] hrtimer_interrupt+0xe2/0x1fe\n [\u003cffffffff80acc9e8\u003e] riscv_timer_interrupt+0x38/0x42\n [\u003cffffffff80090a16\u003e] handle_percpu_devid_irq+0x90/0x1d2\n [\u003cffffffff8008a9f4\u003e] generic_handle_domain_irq+0x28/0x36\n\nAfter referring other PMU drivers like Arm, Loongarch, Csky, and Mips,\nthey don\u0027t call *_pmu_stop() to update with PERF_HES_STOPPED flag\nafter perf_event_overflow() function nor do they add PERF_HES_STOPPED\nflag checking in *_pmu_start() which don\u0027t cause this warning.\n\nThus, it\u0027s recommended to remove this unnecessary check in\nriscv_pmu_start() function to prevent this warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53583",
"url": "https://www.suse.com/security/cve/CVE-2023-53583"
},
{
"category": "external",
"summary": "SUSE Bug 1251108 for CVE-2023-53583",
"url": "https://bugzilla.suse.com/1251108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53583"
},
{
"cve": "CVE-2023-53585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject unhashed sockets in bpf_sk_assign\n\nThe semantics for bpf_sk_assign are as follows:\n\n sk = some_lookup_func()\n bpf_sk_assign(skb, sk)\n bpf_sk_release(sk)\n\nThat is, the sk is not consumed by bpf_sk_assign. The function\ntherefore needs to make sure that sk lives long enough to be\nconsumed from __inet_lookup_skb. The path through the stack for a\nTCPv4 packet is roughly:\n\n netif_receive_skb_core: takes RCU read lock\n __netif_receive_skb_core:\n sch_handle_ingress:\n tcf_classify:\n bpf_sk_assign()\n deliver_ptype_list_skb:\n deliver_skb:\n ip_packet_type-\u003efunc == ip_rcv:\n ip_rcv_core:\n ip_rcv_finish_core:\n dst_input:\n ip_local_deliver:\n ip_local_deliver_finish:\n ip_protocol_deliver_rcu:\n tcp_v4_rcv:\n __inet_lookup_skb:\n skb_steal_sock\n\nThe existing helper takes advantage of the fact that everything\nhappens in the same RCU critical section: for sockets with\nSOCK_RCU_FREE set bpf_sk_assign never takes a reference.\nskb_steal_sock then checks SOCK_RCU_FREE again and does sock_put\nif necessary.\n\nThis approach assumes that SOCK_RCU_FREE is never set on a sk\nbetween bpf_sk_assign and skb_steal_sock, but this invariant is\nviolated by unhashed UDP sockets. A new UDP socket is created\nin TCP_CLOSE state but without SOCK_RCU_FREE set. That flag is only\nadded in udp_lib_get_port() which happens when a socket is bound.\n\nWhen bpf_sk_assign was added it wasn\u0027t possible to access unhashed\nUDP sockets from BPF, so this wasn\u0027t a problem. This changed\nin commit 0c48eefae712 (\"sock_map: Lift socket state restriction\nfor datagram sockets\"), but the helper wasn\u0027t adjusted accordingly.\nThe following sequence of events will therefore lead to a refcount\nleak:\n\n1. Add socket(AF_INET, SOCK_DGRAM) to a sockmap.\n2. Pull socket out of sockmap and bpf_sk_assign it. Since\n SOCK_RCU_FREE is not set we increment the refcount.\n3. bind() or connect() the socket, setting SOCK_RCU_FREE.\n4. skb_steal_sock will now set refcounted = false due to\n SOCK_RCU_FREE.\n5. tcp_v4_rcv() skips sock_put().\n\nFix the problem by rejecting unhashed sockets in bpf_sk_assign().\nThis matches the behaviour of __inet_lookup_skb which is ultimately\nthe goal of bpf_sk_assign().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53585",
"url": "https://www.suse.com/security/cve/CVE-2023-53585"
},
{
"category": "external",
"summary": "SUSE Bug 1251126 for CVE-2023-53585",
"url": "https://bugzilla.suse.com/1251126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53585"
},
{
"cve": "CVE-2023-53588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn\u0027t even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53588",
"url": "https://www.suse.com/security/cve/CVE-2023-53588"
},
{
"category": "external",
"summary": "SUSE Bug 1251206 for CVE-2023-53588",
"url": "https://bugzilla.suse.com/1251206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53588"
},
{
"cve": "CVE-2023-53593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Release folio lock on fscache read hit.\n\nUnder the current code, when cifs_readpage_worker is called, the call\ncontract is that the callee should unlock the page. This is documented\nin the read_folio section of Documentation/filesystems/vfs.rst as:\n\n\u003e The filesystem should unlock the folio once the read has completed,\n\u003e whether it was successful or not.\n\nWithout this change, when fscache is in use and cache hit occurs during\na read, the page lock is leaked, producing the following stack on\nsubsequent reads (via mmap) to the page:\n\n$ cat /proc/3890/task/12864/stack\n[\u003c0\u003e] folio_wait_bit_common+0x124/0x350\n[\u003c0\u003e] filemap_read_folio+0xad/0xf0\n[\u003c0\u003e] filemap_fault+0x8b1/0xab0\n[\u003c0\u003e] __do_fault+0x39/0x150\n[\u003c0\u003e] do_fault+0x25c/0x3e0\n[\u003c0\u003e] __handle_mm_fault+0x6ca/0xc70\n[\u003c0\u003e] handle_mm_fault+0xe9/0x350\n[\u003c0\u003e] do_user_addr_fault+0x225/0x6c0\n[\u003c0\u003e] exc_page_fault+0x84/0x1b0\n[\u003c0\u003e] asm_exc_page_fault+0x27/0x30\n\nThis requires a reboot to resolve; it is a deadlock.\n\nNote however that the call to cifs_readpage_from_fscache does mark the\npage clean, but does not free the folio lock. This happens in\n__cifs_readpage_from_fscache on success. Releasing the lock at that\npoint however is not appropriate as cifs_readahead also calls\ncifs_readpage_from_fscache and *does* unconditionally release the lock\nafter its return. This change therefore effectively makes\ncifs_readpage_worker work like cifs_readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53593",
"url": "https://www.suse.com/security/cve/CVE-2023-53593"
},
{
"category": "external",
"summary": "SUSE Bug 1251132 for CVE-2023-53593",
"url": "https://bugzilla.suse.com/1251132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53593"
},
{
"cve": "CVE-2023-53596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53596",
"url": "https://www.suse.com/security/cve/CVE-2023-53596"
},
{
"category": "external",
"summary": "SUSE Bug 1251161 for CVE-2023-53596",
"url": "https://bugzilla.suse.com/1251161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53596"
},
{
"cve": "CVE-2023-53597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix mid leak during reconnection after timeout threshold\n\nWhen the number of responses with status of STATUS_IO_TIMEOUT\nexceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect\nthe connection. But we do not return the mid, or the credits\nreturned for the mid, or reduce the number of in-flight requests.\n\nThis bug could result in the server-\u003ein_flight count to go bad,\nand also cause a leak in the mids.\n\nThis change moves the check to a few lines below where the\nresponse is decrypted, even of the response is read from the\ntransform header. This way, the code for returning the mids\ncan be reused.\n\nAlso, the cifs_reconnect was reconnecting just the transport\nconnection before. In case of multi-channel, this may not be\nwhat we want to do after several timeouts. Changed that to\nreconnect the session and the tree too.\n\nAlso renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name\nMAX_STATUS_IO_TIMEOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53597",
"url": "https://www.suse.com/security/cve/CVE-2023-53597"
},
{
"category": "external",
"summary": "SUSE Bug 1251159 for CVE-2023-53597",
"url": "https://bugzilla.suse.com/1251159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53597"
},
{
"cve": "CVE-2023-53599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq-\u003efirst_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq-\u003efirst_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req-\u003edst because req-\u003edst is set to the value of\nareq-\u003efirst_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn\u0027t set areq-\u003efirst_rsgl\nup.\n\nThis isn\u0027t a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req-\u003edst and only uses req-\u003esrc[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n [\u003c000003ff7fc3d47e\u003e] gcm_walk_start+0x16/0x28 [aes_s390]\n [\u003c00000000a2a342f2\u003e] crypto_aead_decrypt+0x9a/0xb8\n [\u003c00000000a2a60888\u003e] aead_recvmsg+0x478/0x698\n [\u003c00000000a2e519a0\u003e] sock_recvmsg+0x70/0xb0\n [\u003c00000000a2e51a56\u003e] sock_read_iter+0x76/0xa0\n [\u003c00000000a273e066\u003e] vfs_read+0x26e/0x2a8\n [\u003c00000000a273e8c4\u003e] ksys_read+0xbc/0x100\n [\u003c00000000a311d808\u003e] __do_syscall+0x1d0/0x1f8\n [\u003c00000000a312ff30\u003e] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [\u003c000003ff7fc3e6b4\u003e] gcm_aes_crypt+0x104/0xa68 [aes_s390]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53599",
"url": "https://www.suse.com/security/cve/CVE-2023-53599"
},
{
"category": "external",
"summary": "SUSE Bug 1251150 for CVE-2023-53599",
"url": "https://bugzilla.suse.com/1251150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53599"
},
{
"cve": "CVE-2023-53600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix kasan splat when generating ipv4 pmtu error\n\nIf we try to emit an icmp error in response to a nonliner skb, we get\n\nBUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220\nRead of size 4 at addr ffff88811c50db00 by task iperf3/1691\nCPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309\n[..]\n kasan_report+0x105/0x140\n ip_compute_csum+0x134/0x220\n iptunnel_pmtud_build_icmp+0x554/0x1020\n skb_tunnel_check_pmtu+0x513/0xb80\n vxlan_xmit_one+0x139e/0x2ef0\n vxlan_xmit+0x1867/0x2760\n dev_hard_start_xmit+0x1ee/0x4f0\n br_dev_queue_push_xmit+0x4d1/0x660\n [..]\n\nip_compute_csum() cannot deal with nonlinear skbs, so avoid it.\nAfter this change, splat is gone and iperf3 is no longer stuck.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53600",
"url": "https://www.suse.com/security/cve/CVE-2023-53600"
},
{
"category": "external",
"summary": "SUSE Bug 1251152 for CVE-2023-53600",
"url": "https://bugzilla.suse.com/1251152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53600"
},
{
"cve": "CVE-2023-53601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: do not assume skb mac_header is set\n\nDrivers must not assume in their ndo_start_xmit() that\nskbs have their mac_header set. skb-\u003edata is all what is needed.\n\nbonding seems to be one of the last offender as caught by syzbot:\n\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 __bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nModules linked in:\nCPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]\nRIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]\nRIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nRIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nRIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nRIP: 0010:__bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nRIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nCode: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe \u003c0f\u003e 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe\nRSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283\nRAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000\nRDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6\nRBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584\nR10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e\nR13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76\nFS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff8471a49f\u003e] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[\u003cffffffff8471a49f\u003e] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380\n[\u003cffffffff851d845b\u003e] dev_direct_xmit include/linux/netdevice.h:3043 [inline]\n[\u003cffffffff851d845b\u003e] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284\n[\u003cffffffff851c7472\u003e] packet_snd net/packet/af_packet.c:3112 [inline]\n[\u003cffffffff851c7472\u003e] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg_nosec net/socket.c:716 [inline]\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg net/socket.c:736 [inline]\n[\u003cffffffff8467a4b2\u003e] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[\u003cffffffff8467a715\u003e] __do_sys_sendto net/socket.c:2151 [inline]\n[\u003cffffffff8467a715\u003e] __se_sys_sendto net/socket.c:2147 [inline]\n[\u003cffffffff8467a715\u003e] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[\u003cffffffff8553071f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff8553071f\u003e] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[\u003cffffffff85600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53601",
"url": "https://www.suse.com/security/cve/CVE-2023-53601"
},
{
"category": "external",
"summary": "SUSE Bug 1251153 for CVE-2023-53601",
"url": "https://bugzilla.suse.com/1251153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53601"
},
{
"cve": "CVE-2023-53602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53602",
"url": "https://www.suse.com/security/cve/CVE-2023-53602"
},
{
"category": "external",
"summary": "SUSE Bug 1251076 for CVE-2023-53602",
"url": "https://bugzilla.suse.com/1251076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53602"
},
{
"cve": "CVE-2023-53603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Avoid fcport pointer dereference\n\nKlocwork reported warning of NULL pointer may be dereferenced. The routine\nexits when sa_ctl is NULL and fcport is allocated after the exit call thus\ncausing NULL fcport pointer to dereference at the time of exit.\n\nTo avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53603",
"url": "https://www.suse.com/security/cve/CVE-2023-53603"
},
{
"category": "external",
"summary": "SUSE Bug 1251180 for CVE-2023-53603",
"url": "https://bugzilla.suse.com/1251180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53603"
},
{
"cve": "CVE-2023-53611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi_si: fix a memleak in try_smi_init()\n\nKmemleak reported the following leak info in try_smi_init():\n\nunreferenced object 0xffff00018ecf9400 (size 1024):\n comm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\n backtrace:\n [\u003c000000004ca5b312\u003e] __kmalloc+0x4b8/0x7b0\n [\u003c00000000953b1072\u003e] try_smi_init+0x148/0x5dc [ipmi_si]\n [\u003c000000006460d325\u003e] 0xffff800081b10148\n [\u003c0000000039206ea5\u003e] do_one_initcall+0x64/0x2a4\n [\u003c00000000601399ce\u003e] do_init_module+0x50/0x300\n [\u003c000000003c12ba3c\u003e] load_module+0x7a8/0x9e0\n [\u003c00000000c246fffe\u003e] __se_sys_init_module+0x104/0x180\n [\u003c00000000eea99093\u003e] __arm64_sys_init_module+0x24/0x30\n [\u003c0000000021b1ef87\u003e] el0_svc_common.constprop.0+0x94/0x250\n [\u003c0000000070f4f8b7\u003e] do_el0_svc+0x48/0xe0\n [\u003c000000005a05337f\u003e] el0_svc+0x24/0x3c\n [\u003c000000005eb248d6\u003e] el0_sync_handler+0x160/0x164\n [\u003c0000000030a59039\u003e] el0_sync+0x160/0x180\n\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi-\u003esi_sm`, the variable wouldn\u0027t be freed in\nthe error handling afterwards since `shutdown_smi()` hadn\u0027t been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53611",
"url": "https://www.suse.com/security/cve/CVE-2023-53611"
},
{
"category": "external",
"summary": "SUSE Bug 1251123 for CVE-2023-53611",
"url": "https://bugzilla.suse.com/1251123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53611"
},
{
"cve": "CVE-2023-53613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: Fix dax_mapping_release() use after free\n\nA CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region\nprovider (like modprobe -r dax_hmem) yields:\n\n kobject: \u0027mapping0\u0027 (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000)\n [..]\n DEBUG_LOCKS_WARN_ON(1)\n WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260\n [..]\n RIP: 0010:__lock_acquire+0x9fc/0x2260\n [..]\n Call Trace:\n \u003cTASK\u003e\n [..]\n lock_acquire+0xd4/0x2c0\n ? ida_free+0x62/0x130\n _raw_spin_lock_irqsave+0x47/0x70\n ? ida_free+0x62/0x130\n ida_free+0x62/0x130\n dax_mapping_release+0x1f/0x30\n device_release+0x36/0x90\n kobject_delayed_cleanup+0x46/0x150\n\nDue to attempting ida_free() on an ida object that has already been\nfreed. Devices typically only hold a reference on their parent while\nregistered. If a child needs a parent object to complete its release it\nneeds to hold a reference that it drops from its release callback.\nArrange for a dax_mapping to pin its parent dev_dax instance until\ndax_mapping_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53613",
"url": "https://www.suse.com/security/cve/CVE-2023-53613"
},
{
"category": "external",
"summary": "SUSE Bug 1251119 for CVE-2023-53613",
"url": "https://bugzilla.suse.com/1251119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53613"
},
{
"cve": "CVE-2023-53615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here\u0027s the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53615",
"url": "https://www.suse.com/security/cve/CVE-2023-53615"
},
{
"category": "external",
"summary": "SUSE Bug 1251113 for CVE-2023-53615",
"url": "https://bugzilla.suse.com/1251113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53615"
},
{
"cve": "CVE-2023-53616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix invalid free of JFS_IP(ipimap)-\u003ei_imap in diUnmount\n\nsyzbot found an invalid-free in diUnmount:\n\nBUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674\nFree of addr ffff88806f410000 by task syz-executor131/3632\n\n CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1724 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750\n slab_free mm/slub.c:3661 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3674\n diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195\n jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1428\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1186\n task_work_run+0x243/0x300 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x664/0x2070 kernel/exit.c:820\n do_group_exit+0x1fd/0x2b0 kernel/exit.c:950\n __do_sys_exit_group kernel/exit.c:961 [inline]\n __se_sys_exit_group kernel/exit.c:959 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_IP(ipimap)-\u003ei_imap is not setting to NULL after free in diUnmount.\nIf jfs_remount() free JFS_IP(ipimap)-\u003ei_imap but then failed at diMount().\nJFS_IP(ipimap)-\u003ei_imap will be freed once again.\nFix this problem by setting JFS_IP(ipimap)-\u003ei_imap to NULL after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53616",
"url": "https://www.suse.com/security/cve/CVE-2023-53616"
},
{
"category": "external",
"summary": "SUSE Bug 1251215 for CVE-2023-53616",
"url": "https://bugzilla.suse.com/1251215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53616"
},
{
"cve": "CVE-2023-53617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: socinfo: Add kfree for kstrdup\n\nAdd kfree() in the later error handling in order to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53617",
"url": "https://www.suse.com/security/cve/CVE-2023-53617"
},
{
"category": "external",
"summary": "SUSE Bug 1251268 for CVE-2023-53617",
"url": "https://bugzilla.suse.com/1251268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53617"
},
{
"cve": "CVE-2023-53618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject invalid reloc tree root keys with stack dump\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\nThat ASSERT() makes sure the reloc tree is properly pointed back by its\nsubvolume tree.\n\n[CAUSE]\nAfter more debugging output, it turns out we had an invalid reloc tree:\n\n BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17\n\nNote the above root key is (TREE_RELOC_OBJECTID, ROOT_ITEM,\nQUOTA_TREE_OBJECTID), meaning it\u0027s a reloc tree for quota tree.\n\nBut reloc trees can only exist for subvolumes, as for non-subvolume\ntrees, we just COW the involved tree block, no need to create a reloc\ntree since those tree blocks won\u0027t be shared with other trees.\n\nOnly subvolumes tree can share tree blocks with other trees (thus they\nhave BTRFS_ROOT_SHAREABLE flag).\n\nThus this new debug output proves my previous assumption that corrupted\non-disk data can trigger that ASSERT().\n\n[FIX]\nBesides the dedicated fix and the graceful exit, also let tree-checker to\ncheck such root keys, to make sure reloc trees can only exist for subvolumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53618",
"url": "https://www.suse.com/security/cve/CVE-2023-53618"
},
{
"category": "external",
"summary": "SUSE Bug 1251748 for CVE-2023-53618",
"url": "https://bugzilla.suse.com/1251748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53618"
},
{
"cve": "CVE-2023-53619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53619",
"url": "https://www.suse.com/security/cve/CVE-2023-53619"
},
{
"category": "external",
"summary": "SUSE Bug 1251743 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "external",
"summary": "SUSE Bug 1251745 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53619"
},
{
"cve": "CVE-2023-53621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcontrol: ensure memcg acquired by id is properly set up\n\nIn the eviction recency check, we attempt to retrieve the memcg to which\nthe folio belonged when it was evicted, by the memcg id stored in the\nshadow entry. However, there is a chance that the retrieved memcg is not\nthe original memcg that has been killed, but a new one which happens to\nhave the same id.\n\nThis is a somewhat unfortunate, but acceptable and rare inaccuracy in the\nheuristics. However, if we retrieve this new memcg between its allocation\nand when it is properly attached to the memcg hierarchy, we could run into\nthe following NULL pointer exception during the memcg hierarchy traversal\ndone in mem_cgroup_get_nr_swap_pages():\n\n[ 155757.793456] BUG: kernel NULL pointer dereference, address: 00000000000000c0\n[ 155757.807568] #PF: supervisor read access in kernel mode\n[ 155757.818024] #PF: error_code(0x0000) - not-present page\n[ 155757.828482] PGD 401f77067 P4D 401f77067 PUD 401f76067 PMD 0\n[ 155757.839985] Oops: 0000 [#1] SMP\n[ 155757.887870] RIP: 0010:mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155757.899377] Code: 29 19 4a 02 48 39 f9 74 63 48 8b 97 c0 00 00 00 48 8b b7 58 02 00 00 48 2b b7 c0 01 00 00 48 39 f0 48 0f 4d c6 48 39 d1 74 42 \u003c48\u003e 8b b2 c0 00 00 00 48 8b ba 58 02 00 00 48 2b ba c0 01 00 00 48\n[ 155757.937125] RSP: 0018:ffffc9002ecdfbc8 EFLAGS: 00010286\n[ 155757.947755] RAX: 00000000003a3b1c RBX: 000007ffffffffff RCX: ffff888280183000\n[ 155757.962202] RDX: 0000000000000000 RSI: 0007ffffffffffff RDI: ffff888bbc2d1000\n[ 155757.976648] RBP: 0000000000000001 R08: 000000000000000b R09: ffff888ad9cedba0\n[ 155757.991094] R10: ffffea0039c07900 R11: 0000000000000010 R12: ffff888b23a7b000\n[ 155758.005540] R13: 0000000000000000 R14: ffff888bbc2d1000 R15: 000007ffffc71354\n[ 155758.019991] FS: 00007f6234c68640(0000) GS:ffff88903f9c0000(0000) knlGS:0000000000000000\n[ 155758.036356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 155758.048023] CR2: 00000000000000c0 CR3: 0000000a83eb8004 CR4: 00000000007706e0\n[ 155758.062473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 155758.076924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 155758.091376] PKRU: 55555554\n[ 155758.096957] Call Trace:\n[ 155758.102016] \u003cTASK\u003e\n[ 155758.106502] ? __die+0x78/0xc0\n[ 155758.112793] ? page_fault_oops+0x286/0x380\n[ 155758.121175] ? exc_page_fault+0x5d/0x110\n[ 155758.129209] ? asm_exc_page_fault+0x22/0x30\n[ 155758.137763] ? mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155758.148060] workingset_test_recent+0xda/0x1b0\n[ 155758.157133] workingset_refault+0xca/0x1e0\n[ 155758.165508] filemap_add_folio+0x4d/0x70\n[ 155758.173538] page_cache_ra_unbounded+0xed/0x190\n[ 155758.182919] page_cache_sync_ra+0xd6/0x1e0\n[ 155758.191738] filemap_read+0x68d/0xdf0\n[ 155758.199495] ? mlx5e_napi_poll+0x123/0x940\n[ 155758.207981] ? __napi_schedule+0x55/0x90\n[ 155758.216095] __x64_sys_pread64+0x1d6/0x2c0\n[ 155758.224601] do_syscall_64+0x3d/0x80\n[ 155758.232058] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 155758.242473] RIP: 0033:0x7f62c29153b5\n[ 155758.249938] Code: e8 48 89 75 f0 89 7d f8 48 89 4d e0 e8 b4 e6 f7 ff 41 89 c0 4c 8b 55 e0 48 8b 55 e8 48 8b 75 f0 8b 7d f8 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 e7 e6 f7 ff 48 8b\n[ 155758.288005] RSP: 002b:00007f6234c5ffd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 155758.303474] RAX: ffffffffffffffda RBX: 00007f628c4e70c0 RCX: 00007f62c29153b5\n[ 155758.318075] RDX: 000000000003c041 RSI: 00007f61d2986000 RDI: 0000000000000076\n[ 155758.332678] RBP: 00007f6234c5fff0 R08: 0000000000000000 R09: 0000000064d5230c\n[ 155758.347452] R10: 000000000027d450 R11: 0000000000000293 R12: 000000000003c041\n[ 155758.362044] R13: 00007f61d2986000 R14: 00007f629e11b060 R15: 000000000027d450\n[ 155758.376661] \u003c/TASK\u003e\n\nThis patch fixes the issue by moving the memcg\u0027s id publication from the\nalloc stage to \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53621",
"url": "https://www.suse.com/security/cve/CVE-2023-53621"
},
{
"category": "external",
"summary": "SUSE Bug 1251323 for CVE-2023-53621",
"url": "https://bugzilla.suse.com/1251323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53621"
},
{
"cve": "CVE-2023-53622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix possible data races in gfs2_show_options()\n\nSome fields such as gt_logd_secs of the struct gfs2_tune are accessed\nwithout holding the lock gt_spin in gfs2_show_options():\n\n val = sdp-\u003esd_tune.gt_logd_secs;\n if (val != 30)\n seq_printf(s, \",commit=%d\", val);\n\nAnd thus can cause data races when gfs2_show_options() and other functions\nsuch as gfs2_reconfigure() are concurrently executed:\n\n spin_lock(\u0026gt-\u003egt_spin);\n gt-\u003egt_logd_secs = newargs-\u003ear_commit;\n\nTo fix these possible data races, the lock sdp-\u003esd_tune.gt_spin is\nacquired before accessing the fields of gfs2_tune and released after these\naccesses.\n\nFurther changes by Andreas:\n\n- Don\u0027t hold the spin lock over the seq_printf operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53622",
"url": "https://www.suse.com/security/cve/CVE-2023-53622"
},
{
"category": "external",
"summary": "SUSE Bug 1251777 for CVE-2023-53622",
"url": "https://bugzilla.suse.com/1251777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53622"
},
{
"cve": "CVE-2023-53631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-sysman: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(),\na reference to that attribute is returned. This means\nthat we need to dispose it accordingly. Use kobject_put()\nto dispose the duplicate attribute in such a case.\n\nCompile-tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53631",
"url": "https://www.suse.com/security/cve/CVE-2023-53631"
},
{
"category": "external",
"summary": "SUSE Bug 1251529 for CVE-2023-53631",
"url": "https://bugzilla.suse.com/1251529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53631"
},
{
"cve": "CVE-2023-53632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take RTNL lock when needed before calling xdp_set_features()\n\nHold RTNL lock when calling xdp_set_features() with a registered netdev,\nas the call triggers the netdev notifiers. This could happen when\nswitching from uplink rep to nic profile for example.\n\nThis resolves the following call trace:\n\nRTNL: assertion failed at net/core/dev.c (1953)\nWARNING: CPU: 6 PID: 112670 at net/core/dev.c:1953 call_netdevice_notifiers_info+0x7c/0x80\nModules linked in: sch_mqprio sch_mqprio_lib act_tunnel_key act_mirred act_skbedit cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress bonding ib_umad ip_gre rdma_ucm mlx5_vfio_pci ipip tunnel4 ip6_gre gre mlx5_ib vfio_pci vfio_pci_core vfio_iommu_type1 ib_uverbs vfio mlx5_core ib_ipoib geneve nf_tables ip6_tunnel tunnel6 iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\nCPU: 6 PID: 112670 Comm: devlink Not tainted 6.4.0-rc7_for_upstream_min_debug_2023_06_28_17_02 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:call_netdevice_notifiers_info+0x7c/0x80\nCode: 90 ff 80 3d 2d 6b f7 00 00 75 c5 ba a1 07 00 00 48 c7 c6 e4 ce 0b 82 48 c7 c7 c8 f4 04 82 c6 05 11 6b f7 00 01 e8 a4 7c 8e ff \u003c0f\u003e 0b eb a2 0f 1f 44 00 00 55 48 89 e5 41 54 48 83 e4 f0 48 83 ec\nRSP: 0018:ffff8882a21c3948 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff82e6f880 RCX: 0000000000000027\nRDX: ffff88885f99b5c8 RSI: 0000000000000001 RDI: ffff88885f99b5c0\nRBP: 0000000000000028 R08: ffff88887ffabaa8 R09: 0000000000000003\nR10: ffff88887fecbac0 R11: ffff88887ff7bac0 R12: ffff8882a21c3968\nR13: ffff88811c018940 R14: 0000000000000000 R15: ffff8881274401a0\nFS: 00007fe141c81800(0000) GS:ffff88885f980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f787c28b948 CR3: 000000014bcf3005 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x79/0x120\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? report_bug+0x17c/0x190\n ? handle_bug+0x3c/0x60\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? call_netdevice_notifiers_info+0x7c/0x80\n call_netdevice_notifiers+0x2e/0x50\n mlx5e_set_xdp_feature+0x21/0x50 [mlx5_core]\n mlx5e_nic_init+0xf1/0x1a0 [mlx5_core]\n mlx5e_netdev_init_profile+0x76/0x110 [mlx5_core]\n mlx5e_netdev_attach_profile+0x1f/0x90 [mlx5_core]\n mlx5e_netdev_change_profile+0x92/0x160 [mlx5_core]\n mlx5e_netdev_attach_nic_profile+0x1b/0x30 [mlx5_core]\n mlx5e_vport_rep_unload+0xaa/0xc0 [mlx5_core]\n __esw_offloads_unload_rep+0x52/0x60 [mlx5_core]\n mlx5_esw_offloads_rep_unload+0x52/0x70 [mlx5_core]\n esw_offloads_unload_rep+0x34/0x70 [mlx5_core]\n esw_offloads_disable+0x2b/0x90 [mlx5_core]\n mlx5_eswitch_disable_locked+0x1b9/0x210 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0xf5/0x630 [mlx5_core]\n ? devlink_get_from_attrs_lock+0x9e/0x110\n devlink_nl_cmd_eswitch_set_doit+0x60/0xe0\n genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n genl_rcv_msg+0x17d/0x2b0\n ? devlink_get_from_attrs_lock+0x110/0x110\n ? devlink_nl_cmd_eswitch_get_doit+0x290/0x290\n ? devlink_pernet_pre_exit+0xf0/0xf0\n ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1f6/0x2c0\n netlink_sendmsg+0x232/0x4a0\n sock_sendmsg+0x38/0x60\n ? _copy_from_user+0x2a/0x60\n __sys_sendto+0x110/0x160\n ? __count_memcg_events+0x48/0x90\n ? handle_mm_fault+0x161/0x260\n ? do_user_addr_fault+0x278/0x6e0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53632",
"url": "https://www.suse.com/security/cve/CVE-2023-53632"
},
{
"category": "external",
"summary": "SUSE Bug 1251269 for CVE-2023-53632",
"url": "https://bugzilla.suse.com/1251269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53632"
},
{
"cve": "CVE-2023-53633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix a leak in map_user_pages()\n\nIf get_user_pages_fast() allocates some pages but not as many as we\nwanted, then the current code leaks those pages. Call put_page() on\nthe pages before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53633",
"url": "https://www.suse.com/security/cve/CVE-2023-53633"
},
{
"category": "external",
"summary": "SUSE Bug 1251746 for CVE-2023-53633",
"url": "https://bugzilla.suse.com/1251746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53633"
},
{
"cve": "CVE-2023-53638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: cancel queued works in probe error path\n\nIf it fails to get the devices\u0027s MAC address, octep_probe exits while\nleaving the delayed work intr_poll_task queued. When the work later\nruns, it\u0027s a use after free.\n\nMove the cancelation of intr_poll_task from octep_remove into\noctep_device_cleanup. This does not change anything in the octep_remove\nflow, but octep_device_cleanup is called also in the octep_probe error\npath, where the cancelation is needed.\n\nNote that the cancelation of ctrl_mbox_task has to follow\nintr_poll_task\u0027s, because the ctrl_mbox_task may be queued by\nintr_poll_task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53638",
"url": "https://www.suse.com/security/cve/CVE-2023-53638"
},
{
"category": "external",
"summary": "SUSE Bug 1251328 for CVE-2023-53638",
"url": "https://bugzilla.suse.com/1251328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53638"
},
{
"cve": "CVE-2023-53645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53645"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make bpf_refcount_acquire fallible for non-owning refs\n\nThis patch fixes an incorrect assumption made in the original\nbpf_refcount series [0], specifically that the BPF program calling\nbpf_refcount_acquire on some node can always guarantee that the node is\nalive. In that series, the patch adding failure behavior to rbtree_add\nand list_push_{front, back} breaks this assumption for non-owning\nreferences.\n\nConsider the following program:\n\n n = bpf_kptr_xchg(\u0026mapval, NULL);\n /* skip error checking */\n\n bpf_spin_lock(\u0026l);\n if(bpf_rbtree_add(\u0026t, \u0026n-\u003erb, less)) {\n bpf_refcount_acquire(n);\n /* Failed to add, do something else with the node */\n }\n bpf_spin_unlock(\u0026l);\n\nIt\u0027s incorrect to assume that bpf_refcount_acquire will always succeed in this\nscenario. bpf_refcount_acquire is being called in a critical section\nhere, but the lock being held is associated with rbtree t, which isn\u0027t\nnecessarily the lock associated with the tree that the node is already\nin. So after bpf_rbtree_add fails to add the node and calls bpf_obj_drop\nin it, the program has no ownership of the node\u0027s lifetime. Therefore\nthe node\u0027s refcount can be decr\u0027d to 0 at any time after the failing\nrbtree_add. If this happens before the refcount_acquire above, the node\nmight be free\u0027d, and regardless refcount_acquire will be incrementing a\n0 refcount.\n\nLater patches in the series exercise this scenario, resulting in the\nexpected complaint from the kernel (without this patch\u0027s changes):\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 207 at lib/refcount.c:25 refcount_warn_saturate+0xbc/0x110\n Modules linked in: bpf_testmod(O)\n CPU: 1 PID: 207 Comm: test_progs Tainted: G O 6.3.0-rc7-02231-g723de1a718a2-dirty #371\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n RIP: 0010:refcount_warn_saturate+0xbc/0x110\n Code: 6f 64 f6 02 01 e8 84 a3 5c ff 0f 0b eb 9d 80 3d 5e 64 f6 02 00 75 94 48 c7 c7 e0 13 d2 82 c6 05 4e 64 f6 02 01 e8 64 a3 5c ff \u003c0f\u003e 0b e9 7a ff ff ff 80 3d 38 64 f6 02 00 0f 85 6d ff ff ff 48 c7\n RSP: 0018:ffff88810b9179b0 EFLAGS: 00010082\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000202 RSI: 0000000000000008 RDI: ffffffff857c3680\n RBP: ffff88810027d3c0 R08: ffffffff8125f2a4 R09: ffff88810b9176e7\n R10: ffffed1021722edc R11: 746e756f63666572 R12: ffff88810027d388\n R13: ffff88810027d3c0 R14: ffffc900005fe030 R15: ffffc900005fe048\n FS: 00007fee0584a700(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005634a96f6c58 CR3: 0000000108ce9002 CR4: 0000000000770ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n bpf_refcount_acquire_impl+0xb5/0xc0\n\n (rest of output snipped)\n\nThe patch addresses this by changing bpf_refcount_acquire_impl to use\nrefcount_inc_not_zero instead of refcount_inc and marking\nbpf_refcount_acquire KF_RET_NULL.\n\nFor owning references, though, we know the above scenario is not possible\nand thus that bpf_refcount_acquire will always succeed. Some verifier\nbookkeeping is added to track \"is input owning ref?\" for bpf_refcount_acquire\ncalls and return false from is_kfunc_ret_null for bpf_refcount_acquire on\nowning refs despite it being marked KF_RET_NULL.\n\nExisting selftests using bpf_refcount_acquire are modified where\nnecessary to NULL-check its return value.\n\n [0]: https://lore.kernel.org/bpf/20230415201811.343116-1-davemarchevsky@fb.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53645",
"url": "https://www.suse.com/security/cve/CVE-2023-53645"
},
{
"category": "external",
"summary": "SUSE Bug 1251321 for CVE-2023-53645",
"url": "https://bugzilla.suse.com/1251321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53645"
},
{
"cve": "CVE-2023-53646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/perf: add sentinel to xehp_oa_b_counters\n\nArrays passed to reg_in_range_table should end with empty record.\n\nThe patch solves KASAN detected bug with signature:\nBUG: KASAN: global-out-of-bounds in xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\nRead of size 4 at addr ffffffffa1555d90 by task perf/1518\n\nCPU: 4 PID: 1518 Comm: perf Tainted: G U 6.4.0-kasan_438-g3303d06107f3+ #1\nHardware name: Intel Corporation Meteor Lake Client Platform/MTL-P DDR5 SODIMM SBS RVP, BIOS MTLPFWI1.R00.3223.D80.2305311348 05/31/2023\nCall Trace:\n\u003cTASK\u003e\n...\nxehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\n\n(cherry picked from commit 2f42c5afb34b5696cf5fe79e744f99be9b218798)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53646",
"url": "https://www.suse.com/security/cve/CVE-2023-53646"
},
{
"category": "external",
"summary": "SUSE Bug 1251742 for CVE-2023-53646",
"url": "https://bugzilla.suse.com/1251742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53646"
},
{
"cve": "CVE-2023-53647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53647",
"url": "https://www.suse.com/security/cve/CVE-2023-53647"
},
{
"category": "external",
"summary": "SUSE Bug 1251732 for CVE-2023-53647",
"url": "https://bugzilla.suse.com/1251732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53647"
},
{
"cve": "CVE-2023-53648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53648",
"url": "https://www.suse.com/security/cve/CVE-2023-53648"
},
{
"category": "external",
"summary": "SUSE Bug 1251750 for CVE-2023-53648",
"url": "https://bugzilla.suse.com/1251750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53648"
},
{
"cve": "CVE-2023-53649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53649"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf trace: Really free the evsel-\u003epriv area\n\nIn 3cb4d5e00e037c70 (\"perf trace: Free syscall tp fields in\nevsel-\u003epriv\") it only was freeing if strcmp(evsel-\u003etp_format-\u003esystem,\n\"syscalls\") returned zero, while the corresponding initialization of\nevsel-\u003epriv was being performed if it was _not_ zero, i.e. if the tp\nsystem wasn\u0027t \u0027syscalls\u0027.\n\nJust stop looking for that and free it if evsel-\u003epriv was set, which\nshould be equivalent.\n\nAlso use the pre-existing evsel_trace__delete() function.\n\nThis resolves these leaks, detected with:\n\n $ make EXTRA_CFLAGS=\"-fsanitize=address\" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin\n\n =================================================================\n ==481565==ERROR: LeakSanitizer: detected memory leaks\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212\n #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205\n #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).\n [root@quaco ~]#\n\nWith this we plug all leaks with \"perf trace sleep 1\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53649",
"url": "https://www.suse.com/security/cve/CVE-2023-53649"
},
{
"category": "external",
"summary": "SUSE Bug 1251749 for CVE-2023-53649",
"url": "https://bugzilla.suse.com/1251749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53649"
},
{
"cve": "CVE-2023-53650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf \u0027mipid_detect()\u0027 fails, we must free \u0027md\u0027 to avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53650",
"url": "https://www.suse.com/security/cve/CVE-2023-53650"
},
{
"category": "external",
"summary": "SUSE Bug 1251283 for CVE-2023-53650",
"url": "https://bugzilla.suse.com/1251283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53650"
},
{
"cve": "CVE-2023-53652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add features attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa features attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53652",
"url": "https://www.suse.com/security/cve/CVE-2023-53652"
},
{
"category": "external",
"summary": "SUSE Bug 1251754 for CVE-2023-53652",
"url": "https://bugzilla.suse.com/1251754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53652"
},
{
"cve": "CVE-2023-53653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: fix REVERSE_INULL issues reported by coverity\n\nnull-checking of a pointor is suggested before dereferencing it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53653",
"url": "https://www.suse.com/security/cve/CVE-2023-53653"
},
{
"category": "external",
"summary": "SUSE Bug 1251755 for CVE-2023-53653",
"url": "https://bugzilla.suse.com/1251755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53653"
},
{
"cve": "CVE-2023-53654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53654",
"url": "https://www.suse.com/security/cve/CVE-2023-53654"
},
{
"category": "external",
"summary": "SUSE Bug 1251756 for CVE-2023-53654",
"url": "https://bugzilla.suse.com/1251756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53654"
},
{
"cve": "CVE-2023-53656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: Don\u0027t migrate perf to the CPU going to teardown\n\nThe driver needs to migrate the perf context if the current using CPU going\nto teardown. By the time calling the cpuhp::teardown() callback the\ncpu_online_mask() hasn\u0027t updated yet and still includes the CPU going to\nteardown. In current driver\u0027s implementation we may migrate the context\nto the teardown CPU and leads to the below calltrace:\n\n...\n[ 368.104662][ T932] task:cpuhp/0 state:D stack: 0 pid: 15 ppid: 2 flags:0x00000008\n[ 368.113699][ T932] Call trace:\n[ 368.116834][ T932] __switch_to+0x7c/0xbc\n[ 368.120924][ T932] __schedule+0x338/0x6f0\n[ 368.125098][ T932] schedule+0x50/0xe0\n[ 368.128926][ T932] schedule_preempt_disabled+0x18/0x24\n[ 368.134229][ T932] __mutex_lock.constprop.0+0x1d4/0x5dc\n[ 368.139617][ T932] __mutex_lock_slowpath+0x1c/0x30\n[ 368.144573][ T932] mutex_lock+0x50/0x60\n[ 368.148579][ T932] perf_pmu_migrate_context+0x84/0x2b0\n[ 368.153884][ T932] hisi_pcie_pmu_offline_cpu+0x90/0xe0 [hisi_pcie_pmu]\n[ 368.160579][ T932] cpuhp_invoke_callback+0x2a0/0x650\n[ 368.165707][ T932] cpuhp_thread_fun+0xe4/0x190\n[ 368.170316][ T932] smpboot_thread_fn+0x15c/0x1a0\n[ 368.175099][ T932] kthread+0x108/0x13c\n[ 368.179012][ T932] ret_from_fork+0x10/0x18\n...\n\nUse function cpumask_any_but() to find one correct active cpu to fixes\nthis issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53656",
"url": "https://www.suse.com/security/cve/CVE-2023-53656"
},
{
"category": "external",
"summary": "SUSE Bug 1251758 for CVE-2023-53656",
"url": "https://bugzilla.suse.com/1251758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53656"
},
{
"cve": "CVE-2023-53657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53657"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53657",
"url": "https://www.suse.com/security/cve/CVE-2023-53657"
},
{
"category": "external",
"summary": "SUSE Bug 1251319 for CVE-2023-53657",
"url": "https://bugzilla.suse.com/1251319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53657"
},
{
"cve": "CVE-2023-53658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm-qspi: return error if neither hif_mspi nor mspi is available\n\nIf neither a \"hif_mspi\" nor \"mspi\" resource is present, the driver will\njust early exit in probe but still return success. Apart from not doing\nanything meaningful, this would then also lead to a null pointer access\non removal, as platform_get_drvdata() would return NULL, which it would\nthen try to dereference when trying to unregister the spi master.\n\nFix this by unconditionally calling devm_ioremap_resource(), as it can\nhandle a NULL res and will then return a viable ERR_PTR() if we get one.\n\nThe \"return 0;\" was previously a \"goto qspi_resource_err;\" where then\nret was returned, but since ret was still initialized to 0 at this place\nthis was a valid conversion in 63c5395bb7a9 (\"spi: bcm-qspi: Fix\nuse-after-free on unbind\"). The issue was not introduced by this commit,\nonly made more obvious.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53658",
"url": "https://www.suse.com/security/cve/CVE-2023-53658"
},
{
"category": "external",
"summary": "SUSE Bug 1251759 for CVE-2023-53658",
"url": "https://bugzilla.suse.com/1251759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53658"
},
{
"cve": "CVE-2023-53659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix out-of-bounds when setting channels on remove\n\nIf we set channels greater during iavf_remove(), and waiting reset done\nwould be timeout, then returned with error but changed num_active_queues\ndirectly, that will lead to OOB like the following logs. Because the\nnum_active_queues is greater than tx/rx_rings[] allocated actually.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 3506.152887] iavf 0000:41:02.0: Removing device\n[ 3510.400799] ==================================================================\n[ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536\n[ 3510.400823]\n[ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 3510.400835] Call Trace:\n[ 3510.400851] dump_stack+0x71/0xab\n[ 3510.400860] print_address_description+0x6b/0x290\n[ 3510.400865] ? iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400868] kasan_report+0x14a/0x2b0\n[ 3510.400873] iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400880] iavf_remove+0x2b6/0xc70 [iavf]\n[ 3510.400884] ? iavf_free_all_rx_resources+0x160/0x160 [iavf]\n[ 3510.400891] ? wait_woken+0x1d0/0x1d0\n[ 3510.400895] ? notifier_call_chain+0xc1/0x130\n[ 3510.400903] pci_device_remove+0xa8/0x1f0\n[ 3510.400910] device_release_driver_internal+0x1c6/0x460\n[ 3510.400916] pci_stop_bus_device+0x101/0x150\n[ 3510.400919] pci_stop_and_remove_bus_device+0xe/0x20\n[ 3510.400924] pci_iov_remove_virtfn+0x187/0x420\n[ 3510.400927] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 3510.400929] ? pci_get_subsys+0x90/0x90\n[ 3510.400932] sriov_disable+0xed/0x3e0\n[ 3510.400936] ? bus_find_device+0x12d/0x1a0\n[ 3510.400953] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 3510.400966] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 3510.400968] ? pci_get_device+0x7c/0x90\n[ 3510.400970] ? pci_get_subsys+0x90/0x90\n[ 3510.400982] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 3510.400987] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.400996] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 3510.401001] sriov_numvfs_store+0x214/0x290\n[ 3510.401005] ? sriov_totalvfs_show+0x30/0x30\n[ 3510.401007] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.401011] ? __check_object_size+0x15a/0x350\n[ 3510.401018] kernfs_fop_write+0x280/0x3f0\n[ 3510.401022] vfs_write+0x145/0x440\n[ 3510.401025] ksys_write+0xab/0x160\n[ 3510.401028] ? __ia32_sys_read+0xb0/0xb0\n[ 3510.401031] ? fput_many+0x1a/0x120\n[ 3510.401032] ? filp_close+0xf0/0x130\n[ 3510.401038] do_syscall_64+0xa0/0x370\n[ 3510.401041] ? page_fault+0x8/0x30\n[ 3510.401043] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 3510.401073] RIP: 0033:0x7f3a9bb842c0\n[ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53659",
"url": "https://www.suse.com/security/cve/CVE-2023-53659"
},
{
"category": "external",
"summary": "SUSE Bug 1251247 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "external",
"summary": "SUSE Bug 1251248 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2023-53659"
},
{
"cve": "CVE-2023-53660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Handle skb as well when clean up ptr_ring\n\nThe following warning was reported when running xdp_redirect_cpu with\nboth skb-mode and stress-mode enabled:\n\n ------------[ cut here ]------------\n Incorrect XDP memory type (-2128176192) usage\n WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405\n Modules linked in:\n CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events __cpu_map_entry_free\n RIP: 0010:__xdp_return+0x1e4/0x4a0\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ? __xdp_return+0x1e4/0x4a0\n ......\n xdp_return_frame+0x4d/0x150\n __cpu_map_entry_free+0xf9/0x230\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe reason for the warning is twofold. One is due to the kthread\ncpu_map_kthread_run() is stopped prematurely. Another one is\n__cpu_map_ring_cleanup() doesn\u0027t handle skb mode and treats skbs in\nptr_ring as XDP frames.\n\nPrematurely-stopped kthread will be fixed by the preceding patch and\nptr_ring will be empty when __cpu_map_ring_cleanup() is called. But\nas the comments in __cpu_map_ring_cleanup() said, handling and freeing\nskbs in ptr_ring as well to \"catch any broken behaviour gracefully\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53660",
"url": "https://www.suse.com/security/cve/CVE-2023-53660"
},
{
"category": "external",
"summary": "SUSE Bug 1251721 for CVE-2023-53660",
"url": "https://bugzilla.suse.com/1251721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53660"
},
{
"cve": "CVE-2023-53662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}\n\nIf the filename casefolding fails, we\u0027ll be leaking memory from the\nfscrypt_name struct, namely from the \u0027crypto_buf.name\u0027 member.\n\nMake sure we free it in the error path on both ext4_fname_setup_filename()\nand ext4_fname_prepare_lookup() functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53662",
"url": "https://www.suse.com/security/cve/CVE-2023-53662"
},
{
"category": "external",
"summary": "SUSE Bug 1251282 for CVE-2023-53662",
"url": "https://bugzilla.suse.com/1251282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53662"
},
{
"cve": "CVE-2023-53663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Check instead of asserting on nested TSC scaling support\n\nCheck for nested TSC scaling support on nested SVM VMRUN instead of\nasserting that TSC scaling is exposed to L1 if L1\u0027s MSR_AMD64_TSC_RATIO\nhas diverged from KVM\u0027s default. Userspace can trigger the WARN at will\nby writing the MSR and then updating guest CPUID to hide the feature\n(modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking\nKVM\u0027s state_test selftest to do\n\n\t\tvcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n\t\tvcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699\n nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]\n Call Trace:\n \u003cTASK\u003e\n enter_svm_guest_mode+0x114/0x560 [kvm_amd]\n nested_svm_vmrun+0x260/0x330 [kvm_amd]\n vmrun_interception+0x29/0x30 [kvm_amd]\n svm_invoke_exit_handler+0x35/0x100 [kvm_amd]\n svm_handle_exit+0xe7/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x45ca1b\n\nNote, the nested #VMEXIT path has the same flaw, but needs a different\nfix and will be handled separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53663",
"url": "https://www.suse.com/security/cve/CVE-2023-53663"
},
{
"category": "external",
"summary": "SUSE Bug 1251290 for CVE-2023-53663",
"url": "https://bugzilla.suse.com/1251290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53663"
},
{
"cve": "CVE-2023-53665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: don\u0027t dereference mddev after export_rdev()\n\nExcept for initial reference, mddev-\u003ekobject is referenced by\nrdev-\u003ekobject, and if the last rdev is freed, there is no guarantee that\nmddev is still valid. Hence mddev should not be used anymore after\nexport_rdev().\n\nThis problem can be triggered by following test for mdadm at very\nlow rate:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n pill -9 $pid\n echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap \u0027clean_up_test\u0027 EXIT\n\nadd_by_sysfs() {\n while true; do\n echo $devt \u003e /sys/block/md0/md/new_dev\n done\n}\n\nremove_by_sysfs(){\n while true; do\n echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\ngeneral protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bcb: 0000 [#4] PREEMPT SMP\nCPU: 0 PID: 1292 Comm: test Tainted: G D W 6.5.0-rc2-00121-g01e55c376936 #562\nRIP: 0010:md_wakeup_thread+0x9e/0x320 [md_mod]\nCall Trace:\n \u003cTASK\u003e\n mddev_unlock+0x1b6/0x310 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix this problem by don\u0027t dereference mddev after export_rdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53665",
"url": "https://www.suse.com/security/cve/CVE-2023-53665"
},
{
"category": "external",
"summary": "SUSE Bug 1251270 for CVE-2023-53665",
"url": "https://bugzilla.suse.com/1251270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53665"
},
{
"cve": "CVE-2023-53666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix missing mbhc init error handling\n\nMBHC initialisation can fail so add the missing error handling to avoid\ndereferencing an error pointer when later configuring the jack:\n\n Unable to handle kernel paging request at virtual address fffffffffffffff8\n\n pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n\n Call trace:\n wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]\n qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]\n sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]\n snd_soc_link_init+0x28/0x90 [snd_soc_core]\n snd_soc_bind_card+0x628/0xbfc [snd_soc_core]\n snd_soc_register_card+0xec/0x104 [snd_soc_core]\n devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]\n sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53666",
"url": "https://www.suse.com/security/cve/CVE-2023-53666"
},
{
"category": "external",
"summary": "SUSE Bug 1251760 for CVE-2023-53666",
"url": "https://bugzilla.suse.com/1251760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53666"
},
{
"cve": "CVE-2023-53668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix deadloop issue on reading trace_pipe\n\nSoft lockup occurs when reading file \u0027trace_pipe\u0027:\n\n watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]\n [...]\n RIP: 0010:ring_buffer_empty_cpu+0xed/0x170\n RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb\n RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218\n RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f\n R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901\n R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000\n [...]\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n __find_next_entry+0x1a8/0x4b0\n ? peek_next_entry+0x250/0x250\n ? down_write+0xa5/0x120\n ? down_write_killable+0x130/0x130\n trace_find_next_entry_inc+0x3b/0x1d0\n tracing_read_pipe+0x423/0xae0\n ? tracing_splice_read_pipe+0xcb0/0xcb0\n vfs_read+0x16b/0x490\n ksys_read+0x105/0x210\n ? __ia32_sys_pwrite64+0x200/0x200\n ? switch_fpu_return+0x108/0x220\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThrough the vmcore, I found it\u0027s because in tracing_read_pipe(),\nring_buffer_empty_cpu() found some buffer is not empty but then it\ncannot read anything due to \"rb_num_of_entries() == 0\" always true,\nThen it infinitely loop the procedure due to user buffer not been\nfilled, see following code path:\n\n tracing_read_pipe() {\n ... ...\n waitagain:\n tracing_wait_pipe() // 1. find non-empty buffer here\n trace_find_next_entry_inc() // 2. loop here try to find an entry\n __find_next_entry()\n ring_buffer_empty_cpu(); // 3. find non-empty buffer\n peek_next_entry() // 4. but peek always return NULL\n ring_buffer_peek()\n rb_buffer_peek()\n rb_get_reader_page()\n // 5. because rb_num_of_entries() == 0 always true here\n // then return NULL\n // 6. user buffer not been filled so goto \u0027waitgain\u0027\n // and eventually leads to an deadloop in kernel!!!\n }\n\nBy some analyzing, I found that when resetting ringbuffer, the \u0027entries\u0027\nof its pages are not all cleared (see rb_reset_cpu()). Then when reducing\nthe ringbuffer, and if some reduced pages exist dirty \u0027entries\u0027 data, they\nwill be added into \u0027cpu_buffer-\u003eoverrun\u0027 (see rb_remove_pages()), which\ncause wrong \u0027overrun\u0027 count and eventually cause the deadloop issue.\n\nTo fix it, we need to clear every pages in rb_reset_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53668",
"url": "https://www.suse.com/security/cve/CVE-2023-53668"
},
{
"category": "external",
"summary": "SUSE Bug 1251286 for CVE-2023-53668",
"url": "https://bugzilla.suse.com/1251286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53668"
},
{
"cve": "CVE-2023-53670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix dev_pm_qos memleak\n\nCall dev_pm_qos_hide_latency_tolerance() in the error unwind patch to\navoid following kmemleak:-\n\nblktests (master) # kmemleak-clear; ./check nvme/044;\nblktests (master) # kmemleak-scan ; kmemleak-show\nnvme/044 (Test bi-directional authentication) [passed]\n runtime 2.111s ... 2.124s\nunreferenced object 0xffff888110c46240 (size 96):\n comm \"nvme\", pid 33461, jiffies 4345365353 (age 75.586s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000069ac2cec\u003e] kmalloc_trace+0x25/0x90\n [\u003c000000006acc66d5\u003e] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100\n [\u003c00000000cc376ea7\u003e] nvme_init_ctrl+0x38e/0x410 [nvme_core]\n [\u003c000000007df61b4b\u003e] 0xffffffffc05e88b3\n [\u003c00000000d152b985\u003e] 0xffffffffc05744cb\n [\u003c00000000f04a4041\u003e] vfs_write+0xc5/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53670",
"url": "https://www.suse.com/security/cve/CVE-2023-53670"
},
{
"category": "external",
"summary": "SUSE Bug 1251762 for CVE-2023-53670",
"url": "https://bugzilla.suse.com/1251762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53670"
},
{
"cve": "CVE-2023-53672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: output extra debug info if we failed to find an inline backref\n\n[BUG]\nSyzbot reported several warning triggered inside\nlookup_inline_extent_backref().\n\n[CAUSE]\nAs usual, the reproducer doesn\u0027t reliably trigger locally here, but at\nleast we know the WARN_ON() is triggered when an inline backref can not\nbe found, and it can only be triggered when @insert is true. (I.e.\ninserting a new inline backref, which means the backref should already\nexist)\n\n[ENHANCEMENT]\nAfter the WARN_ON(), dump all the parameters and the extent tree\nleaf to help debug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53672",
"url": "https://www.suse.com/security/cve/CVE-2023-53672"
},
{
"category": "external",
"summary": "SUSE Bug 1251780 for CVE-2023-53672",
"url": "https://bugzilla.suse.com/1251780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53672"
},
{
"cve": "CVE-2023-53673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53673",
"url": "https://www.suse.com/security/cve/CVE-2023-53673"
},
{
"category": "external",
"summary": "SUSE Bug 1251763 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "external",
"summary": "SUSE Bug 1251983 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2023-53673"
},
{
"cve": "CVE-2023-53674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix memory leak in devm_clk_notifier_register()\n\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn\u0027t register that to the device, so the notifier didn\u0027t\nget unregistered on device detach and the allocated resource was leaked.\n\nFix the issue by registering the resource through devres_add().\n\nThis issue was found with kmemleak on a Chromebook.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53674",
"url": "https://www.suse.com/security/cve/CVE-2023-53674"
},
{
"category": "external",
"summary": "SUSE Bug 1251764 for CVE-2023-53674",
"url": "https://bugzilla.suse.com/1251764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53674"
},
{
"cve": "CVE-2023-53681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split-\u003ebch_btree_node_alloc-\u003e__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53681",
"url": "https://www.suse.com/security/cve/CVE-2023-53681"
},
{
"category": "external",
"summary": "SUSE Bug 1251769 for CVE-2023-53681",
"url": "https://bugzilla.suse.com/1251769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53681"
},
{
"cve": "CVE-2023-53686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: fix null-ptr-deref in handshake_nl_done_doit()\n\nWe should not call trace_handshake_cmd_done_err() if socket lookup has failed.\n\nAlso we should call trace_handshake_cmd_done_err() before releasing the file,\notherwise dereferencing sock-\u003esk can return garbage.\n\nThis also reverts 7afc6d0a107f (\"net/handshake: Fix uninitialized local variable\")\n\nUnable to handle kernel paging request at virtual address dfff800000000003\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:\nESR = 0x0000000096000005\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nData abort info:\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000003] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\nlr : handshake_nl_done_doit+0x180/0x9c8\nsp : ffff800096e37180\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000\nCall trace:\nhandshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1078\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914\nsock_sendmsg_nosec net/socket.c:725 [inline]\nsock_sendmsg net/socket.c:748 [inline]\n____sys_sendmsg+0x56c/0x840 net/socket.c:2494\n___sys_sendmsg net/socket.c:2548 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2577\n__do_sys_sendmsg net/socket.c:2586 [inline]\n__se_sys_sendmsg net/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584\n__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\nel0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53686",
"url": "https://www.suse.com/security/cve/CVE-2023-53686"
},
{
"category": "external",
"summary": "SUSE Bug 1251771 for CVE-2023-53686",
"url": "https://bugzilla.suse.com/1251771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53686"
},
{
"cve": "CVE-2023-53687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53687",
"url": "https://www.suse.com/security/cve/CVE-2023-53687"
},
{
"category": "external",
"summary": "SUSE Bug 1251772 for CVE-2023-53687",
"url": "https://bugzilla.suse.com/1251772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53687"
},
{
"cve": "CVE-2023-53693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn\u0027t find an available UDC or it\u0027s busy\n[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53693",
"url": "https://www.suse.com/security/cve/CVE-2023-53693"
},
{
"category": "external",
"summary": "SUSE Bug 1252489 for CVE-2023-53693",
"url": "https://bugzilla.suse.com/1252489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53693"
},
{
"cve": "CVE-2023-53697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()\n\nMemory pointed by \u0027nd_pmu-\u003epmu.attr_groups\u0027 is allocated in function\n\u0027register_nvdimm_pmu\u0027 and is lost after \u0027kfree(nd_pmu)\u0027 call in function\n\u0027unregister_nvdimm_pmu\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53697",
"url": "https://www.suse.com/security/cve/CVE-2023-53697"
},
{
"category": "external",
"summary": "SUSE Bug 1252534 for CVE-2023-53697",
"url": "https://bugzilla.suse.com/1252534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53697"
},
{
"cve": "CVE-2023-53698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix refcount underflow in error path\n\nFix a refcount underflow problem reported by syzbot that can happen\nwhen a system is running out of memory. If xp_alloc_tx_descs() fails,\nand it can only fail due to not having enough memory, then the error\npath is triggered. In this error path, the refcount of the pool is\ndecremented as it has incremented before. However, the reference to\nthe pool in the socket was not nulled. This means that when the socket\nis closed later, the socket teardown logic will think that there is a\npool attached to the socket and try to decrease the refcount again,\nleading to a refcount underflow.\n\nI chose this fix as it involved adding just a single line. Another\noption would have been to move xp_get_pool() and the assignment of\nxs-\u003epool to after the if-statement and using xs_umem-\u003epool instead of\nxs-\u003epool in the whole if-statement resulting in somewhat simpler code,\nbut this would have led to much more churn in the code base perhaps\nmaking it harder to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53698",
"url": "https://www.suse.com/security/cve/CVE-2023-53698"
},
{
"category": "external",
"summary": "SUSE Bug 1252479 for CVE-2023-53698",
"url": "https://bugzilla.suse.com/1252479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53698"
},
{
"cve": "CVE-2023-53699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[ 0.000000] Oops [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] epc : __memcpy+0x60/0xf8\n[ 0.000000] ra : memblock_double_array+0x192/0x248\n[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000\n[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[ 0.000000] [\u003cfff\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53699",
"url": "https://www.suse.com/security/cve/CVE-2023-53699"
},
{
"category": "external",
"summary": "SUSE Bug 1252550 for CVE-2023-53699",
"url": "https://bugzilla.suse.com/1252550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53699"
},
{
"cve": "CVE-2023-53703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix for shift-out-of-bounds\n\nShift operation of \u0027exp\u0027 and \u0027shift\u0027 variables exceeds the maximum number\nof shift values in the u32 range leading to UBSAN shift-out-of-bounds.\n\n...\n[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50\n[ 6.120598] shift exponent 104 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10\n[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023\n[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]\n[ 6.120687] Call Trace:\n[ 6.120690] \u003cTASK\u003e\n[ 6.120694] dump_stack_lvl+0x48/0x70\n[ 6.120704] dump_stack+0x10/0x20\n[ 6.120707] ubsan_epilogue+0x9/0x40\n[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170\n[ 6.120720] ? psi_group_change+0x25f/0x4b0\n[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]\n[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]\n[ 6.120748] ? __schedule+0xba7/0x1b60\n[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]\n[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]\n[ 6.120772] process_one_work+0x229/0x430\n[ 6.120780] worker_thread+0x4a/0x3c0\n[ 6.120784] ? __pfx_worker_thread+0x10/0x10\n[ 6.120788] kthread+0xf7/0x130\n[ 6.120792] ? __pfx_kthread+0x10/0x10\n[ 6.120795] ret_from_fork+0x29/0x50\n[ 6.120804] \u003c/TASK\u003e\n...\n\nFix this by adding the condition to validate shift ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53703",
"url": "https://www.suse.com/security/cve/CVE-2023-53703"
},
{
"category": "external",
"summary": "SUSE Bug 1252553 for CVE-2023-53703",
"url": "https://bugzilla.suse.com/1252553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53703"
},
{
"cve": "CVE-2023-53704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()\n\nReplace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()\nwhich can automatically release the related memory when the device\nor driver is removed or unloaded to avoid potential memory leak.\n\nIn this case, iounmap(anatop_base) in line 427,433 are removed\nas manual release is not required.\n\nBesides, referring to clk-imx8mq.c, check the return code of\nof_clk_add_hw_provider, if it returns negtive, print error info\nand unregister hws, which makes the program more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53704",
"url": "https://www.suse.com/security/cve/CVE-2023-53704"
},
{
"category": "external",
"summary": "SUSE Bug 1252490 for CVE-2023-53704",
"url": "https://bugzilla.suse.com/1252490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53704"
},
{
"cve": "CVE-2023-53707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53707",
"url": "https://www.suse.com/security/cve/CVE-2023-53707"
},
{
"category": "external",
"summary": "SUSE Bug 1252632 for CVE-2023-53707",
"url": "https://bugzilla.suse.com/1252632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects\n\nIf a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`\nobjects while evaluating the AMD LPS0 _DSM, there will be a memory\nleak. Explicitly guard against this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53708",
"url": "https://www.suse.com/security/cve/CVE-2023-53708"
},
{
"category": "external",
"summary": "SUSE Bug 1252537 for CVE-2023-53708",
"url": "https://bugzilla.suse.com/1252537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53708"
},
{
"cve": "CVE-2023-53711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential data corruption\n\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53711",
"url": "https://www.suse.com/security/cve/CVE-2023-53711"
},
{
"category": "external",
"summary": "SUSE Bug 1252536 for CVE-2023-53711",
"url": "https://bugzilla.suse.com/1252536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53711"
},
{
"cve": "CVE-2023-53713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: sme: Use STR P to clear FFR context field in streaming SVE mode\n\nThe FFR is a predicate register which can vary between 16 and 256 bits\nin size depending upon the configured vector length. When saving the\nSVE state in streaming SVE mode, the FFR register is inaccessible and\nso commit 9f5848665788 (\"arm64/sve: Make access to FFR optional\") simply\nclears the FFR field of the in-memory context structure. Unfortunately,\nit achieves this using an unconditional 8-byte store and so if the SME\nvector length is anything other than 64 bytes in size we will either\nfail to clear the entire field or, worse, we will corrupt memory\nimmediately following the structure. This has led to intermittent kfence\nsplats in CI [1] and can trigger kmalloc Redzone corruption messages\nwhen running the \u0027fp-stress\u0027 kselftest:\n\n | =============================================================================\n | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten\n | -----------------------------------------------------------------------------\n |\n | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc\n | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531\n | __kmalloc+0x8c/0xcc\n | do_sme_acc+0x9c/0x220\n | ...\n\nReplace the 8-byte store with a store of a predicate register which has\nbeen zero-initialised with PFALSE, ensuring that the entire field is\ncleared in memory.\n\n[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53713",
"url": "https://www.suse.com/security/cve/CVE-2023-53713"
},
{
"category": "external",
"summary": "SUSE Bug 1252559 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1252559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2023-53713"
},
{
"cve": "CVE-2023-53718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53718",
"url": "https://www.suse.com/security/cve/CVE-2023-53718"
},
{
"category": "external",
"summary": "SUSE Bug 1252564 for CVE-2023-53718",
"url": "https://bugzilla.suse.com/1252564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53721",
"url": "https://www.suse.com/security/cve/CVE-2023-53721"
},
{
"category": "external",
"summary": "SUSE Bug 1252561 for CVE-2023-53721",
"url": "https://bugzilla.suse.com/1252561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53721"
},
{
"cve": "CVE-2023-53722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53722",
"url": "https://www.suse.com/security/cve/CVE-2023-53722"
},
{
"category": "external",
"summary": "SUSE Bug 1252499 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "external",
"summary": "SUSE Bug 1252500 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe\n\nSmatch reports:\ndrivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()\nwarn: \u0027timer_baseaddr\u0027 from of_iomap() not released on lines: 498,508,516.\n\ntimer_baseaddr may have the problem of not being released after use,\nI replaced it with the devm_of_iomap() function and added the clk_put()\nfunction to cleanup the \"clk_ce\" and \"clk_cs\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53725",
"url": "https://www.suse.com/security/cve/CVE-2023-53725"
},
{
"category": "external",
"summary": "SUSE Bug 1252492 for CVE-2023-53725",
"url": "https://bugzilla.suse.com/1252492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53725"
},
{
"cve": "CVE-2023-53726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: csum: Fix OoB access in IP checksum code for negative lengths\n\nAlthough commit c2c24edb1d9c (\"arm64: csum: Fix pathological zero-length\ncalls\") added an early return for zero-length input, syzkaller has\npopped up with an example of a _negative_ length which causes an\nundefined shift and an out-of-bounds read:\n\n | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975\n |\n | CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\n | Call trace:\n | dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233\n | show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240\n | __dump_stack lib/dump_stack.c:88 [inline]\n | dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n | print_address_description mm/kasan/report.c:351 [inline]\n | print_report+0x174/0x514 mm/kasan/report.c:462\n | kasan_report+0xd4/0x130 mm/kasan/report.c:572\n | kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187\n | __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31\n | do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | csum_partial+0x30/0x58 lib/checksum.c:128\n | gso_make_checksum include/linux/skbuff.h:4928 [inline]\n | __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332\n | udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47\n | ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119\n | skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141\n | __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401\n | skb_gso_segment include/linux/netdevice.h:4859 [inline]\n | validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659\n | validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709\n | sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327\n | __dev_xmit_skb net/core/dev.c:3805 [inline]\n | __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210\n | dev_queue_xmit include/linux/netdevice.h:3085 [inline]\n | packet_xmit+0x6c/0x318 net/packet/af_packet.c:276\n | packet_snd net/packet/af_packet.c:3081 [inline]\n | packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113\n | sock_sendmsg_nosec net/socket.c:724 [inline]\n | sock_sendmsg net/socket.c:747 [inline]\n | __sys_sendto+0x3b4/0x538 net/socket.c:2144\n\nExtend the early return to reject negative lengths as well, aligning our\nimplementation with the generic code in lib/checksum.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53726",
"url": "https://www.suse.com/security/cve/CVE-2023-53726"
},
{
"category": "external",
"summary": "SUSE Bug 1252565 for CVE-2023-53726",
"url": "https://bugzilla.suse.com/1252565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53726"
},
{
"cve": "CVE-2023-53727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 \u003ca9\u003e 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53727",
"url": "https://www.suse.com/security/cve/CVE-2023-53727"
},
{
"category": "external",
"summary": "SUSE Bug 1252566 for CVE-2023-53727",
"url": "https://bugzilla.suse.com/1252566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53727"
},
{
"cve": "CVE-2023-53728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Ensure timer ID search-loop limit is valid\n\nposix_timer_add() tries to allocate a posix timer ID by starting from the\ncached ID which was stored by the last successful allocation.\n\nThis is done in a loop searching the ID space for a free slot one by\none. The loop has to terminate when the search wrapped around to the\nstarting point.\n\nBut that\u0027s racy vs. establishing the starting point. That is read out\nlockless, which leads to the following problem:\n\nCPU0\t \t \t \t CPU1\nposix_timer_add()\n start = sig-\u003eposix_timer_id;\n lock(hash_lock);\n ...\t\t\t\t posix_timer_add()\n if (++sig-\u003eposix_timer_id \u003c 0)\n \t\t\t start = sig-\u003eposix_timer_id;\n sig-\u003eposix_timer_id = 0;\n\nSo CPU1 can observe a negative start value, i.e. -1, and the loop break\nnever happens because the condition can never be true:\n\n if (sig-\u003eposix_timer_id == start)\n break;\n\nWhile this is unlikely to ever turn into an endless loop as the ID space is\nhuge (INT_MAX), the racy read of the start value caught the attention of\nKCSAN and Dmitry unearthed that incorrectness.\n\nRewrite it so that all id operations are under the hash lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53728",
"url": "https://www.suse.com/security/cve/CVE-2023-53728"
},
{
"category": "external",
"summary": "SUSE Bug 1252668 for CVE-2023-53728",
"url": "https://bugzilla.suse.com/1252668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53728"
},
{
"cve": "CVE-2023-53729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccount for null terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 length, this will cause an out of bounds access\nwhen the NULL character is appended in decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53729",
"url": "https://www.suse.com/security/cve/CVE-2023-53729"
},
{
"category": "external",
"summary": "SUSE Bug 1252496 for CVE-2023-53729",
"url": "https://bugzilla.suse.com/1252496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53729"
},
{
"cve": "CVE-2023-53730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\n\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\n\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n\n ================================\n WARNING: inconsistent lock state\n 5.10.0-02758-g8e5f91fd772f #26 Not tainted\n --------------------------------\n inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n {IN-HARDIRQ-W} state was registered at:\n __lock_acquire+0x3d7/0x1070\n lock_acquire+0x197/0x4a0\n __raw_spin_lock_irqsave\n _raw_spin_lock_irqsave+0x3b/0x60\n bfq_idle_slice_timer_body\n bfq_idle_slice_timer+0x53/0x1d0\n __run_hrtimer+0x477/0xa70\n __hrtimer_run_queues+0x1c6/0x2d0\n hrtimer_interrupt+0x302/0x9e0\n local_apic_timer_interrupt\n __sysvec_apic_timer_interrupt+0xfd/0x420\n run_sysvec_on_irqstack_cond\n sysvec_apic_timer_interrupt+0x46/0xa0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n irq event stamp: 837522\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] __raw_spin_unlock_irqrestore\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] _raw_spin_unlock_irqrestore+0x3d/0x40\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] __raw_spin_lock_irq\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] _raw_spin_lock_irq+0x43/0x50\n softirqs last enabled at (835852): [\u003cffffffff84e00558\u003e] __do_softirq+0x558/0x8ec\n softirqs last disabled at (835845): [\u003cffffffff84c010ff\u003e] asm_call_irq_on_stack+0xf/0x20\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026bfqd-\u003elock);\n \u003cInterrupt\u003e\n lock(\u0026bfqd-\u003elock);\n\n *** DEADLOCK ***\n\n 3 locks held by kworker/2:3/388:\n #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n #1: ffff8881176bfdd8 ((work_completion)(\u0026td-\u003edispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n\n stack backtrace:\n CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Workqueue: kthrotld blk_throtl_dispatch_work_fn\n Call Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167\n print_usage_bug\n valid_state\n mark_lock_irq.cold+0x32/0x3a\n mark_lock+0x693/0xbc0\n mark_held_locks+0x9e/0xe0\n __trace_hardirqs_on_caller\n lockdep_hardirqs_on_prepare.part.0+0x151/0x360\n trace_hardirqs_on+0x5b/0x180\n __raw_spin_unlock_irq\n _raw_spin_unlock_irq+0x24/0x40\n spin_unlock_irq\n adjust_inuse_and_calc_cost+0x4fb/0x970\n ioc_rqos_merge+0x277/0x740\n __rq_qos_merge+0x62/0xb0\n rq_qos_merge\n bio_attempt_back_merge+0x12c/0x4a0\n blk_mq_sched_try_merge+0x1b6/0x4d0\n bfq_bio_merge+0x24a/0x390\n __blk_mq_sched_bio_merge+0xa6/0x460\n blk_mq_sched_bio_merge\n blk_mq_submit_bio+0x2e7/0x1ee0\n __submit_bio_noacct_mq+0x175/0x3b0\n submit_bio_noacct+0x1fb/0x270\n blk_throtl_dispatch_work_fn+0x1ef/0x2b0\n process_one_work+0x83e/0x13f0\n process_scheduled_works\n worker_thread+0x7e3/0xd80\n kthread+0x353/0x470\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53730",
"url": "https://www.suse.com/security/cve/CVE-2023-53730"
},
{
"category": "external",
"summary": "SUSE Bug 1252495 for CVE-2023-53730",
"url": "https://bugzilla.suse.com/1252495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53730"
},
{
"cve": "CVE-2023-53731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nl_table_lock);\n local_irq_disable();\n lock(\u0026local-\u003equeue_stop_reason_lock);\n lock(nl_table_lock);\n \u003cInterrupt\u003e\n lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53731",
"url": "https://www.suse.com/security/cve/CVE-2023-53731"
},
{
"category": "external",
"summary": "SUSE Bug 1252481 for CVE-2023-53731",
"url": "https://bugzilla.suse.com/1252481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53731"
},
{
"cve": "CVE-2023-53733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53733",
"url": "https://www.suse.com/security/cve/CVE-2023-53733"
},
{
"category": "external",
"summary": "SUSE Bug 1252685 for CVE-2023-53733",
"url": "https://bugzilla.suse.com/1252685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2023-53733"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\"). Followed by AI Viro\u0027s suggestion, fix it in same\nmanner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38653",
"url": "https://www.suse.com/security/cve/CVE-2025-38653"
},
{
"category": "external",
"summary": "SUSE Bug 1248630 for CVE-2025-38653",
"url": "https://bugzilla.suse.com/1248630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38699",
"url": "https://www.suse.com/security/cve/CVE-2025-38699"
},
{
"category": "external",
"summary": "SUSE Bug 1249224 for CVE-2025-38699",
"url": "https://bugzilla.suse.com/1249224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38699"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: tegra: Use I/O memcpy to write to IRAM\n\nKasan crashes the kernel trying to check boundaries when using the\nnormal memcpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39794",
"url": "https://www.suse.com/security/cve/CVE-2025-39794"
},
{
"category": "external",
"summary": "SUSE Bug 1249595 for CVE-2025-39794",
"url": "https://bugzilla.suse.com/1249595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39794"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: Fix UAF in polling when open file is released\n\nA use-after-free (UAF) vulnerability was identified in the PSI (Pressure\nStall Information) monitoring mechanism:\n\nBUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140\nRead of size 8 at addr ffff3de3d50bd308 by task systemd/1\n\npsi_trigger_poll+0x3c/0x140\ncgroup_pressure_poll+0x70/0xa0\ncgroup_file_poll+0x8c/0x100\nkernfs_fop_poll+0x11c/0x1c0\nep_item_poll.isra.0+0x188/0x2c0\n\nAllocated by task 1:\ncgroup_file_open+0x88/0x388\nkernfs_fop_open+0x73c/0xaf0\ndo_dentry_open+0x5fc/0x1200\nvfs_open+0xa0/0x3f0\ndo_open+0x7e8/0xd08\npath_openat+0x2fc/0x6b0\ndo_filp_open+0x174/0x368\n\nFreed by task 8462:\ncgroup_file_release+0x130/0x1f8\nkernfs_drain_open_files+0x17c/0x440\nkernfs_drain+0x2dc/0x360\nkernfs_show+0x1b8/0x288\ncgroup_file_show+0x150/0x268\ncgroup_pressure_write+0x1dc/0x340\ncgroup_file_write+0x274/0x548\n\nReproduction Steps:\n1. Open test/cpu.pressure and establish epoll monitoring\n2. Disable monitoring: echo 0 \u003e test/cgroup.pressure\n3. Re-enable monitoring: echo 1 \u003e test/cgroup.pressure\n\nThe race condition occurs because:\n1. When cgroup.pressure is disabled (echo 0 \u003e cgroup.pressure), it:\n - Releases PSI triggers via cgroup_file_release()\n - Frees of-\u003epriv through kernfs_drain_open_files()\n2. While epoll still holds reference to the file and continues polling\n3. Re-enabling (echo 1 \u003e cgroup.pressure) accesses freed of-\u003epriv\n\nepolling\t\t\tdisable/enable cgroup.pressure\nfd=open(cpu.pressure)\nwhile(1)\n...\nepoll_wait\nkernfs_fop_poll\nkernfs_get_active = true\techo 0 \u003e cgroup.pressure\n...\t\t\t\tcgroup_file_show\n\t\t\t\tkernfs_show\n\t\t\t\t// inactive kn\n\t\t\t\tkernfs_drain_open_files\n\t\t\t\tcft-\u003erelease(of);\n\t\t\t\tkfree(ctx);\n\t\t\t\t...\nkernfs_get_active = false\n\t\t\t\techo 1 \u003e cgroup.pressure\n\t\t\t\tkernfs_show\n\t\t\t\tkernfs_activate_one(kn);\nkernfs_fop_poll\nkernfs_get_active = true\ncgroup_file_poll\npsi_trigger_poll\n// UAF\n...\nend: close(fd)\n\nTo address this issue, introduce kernfs_get_active_of() for kernfs open\nfiles to obtain active references. This function will fail if the open file\nhas been released. Replace kernfs_get_active() with kernfs_get_active_of()\nto prevent further operations on released file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39881",
"url": "https://www.suse.com/security/cve/CVE-2025-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1250379 for CVE-2025-39881",
"url": "https://bugzilla.suse.com/1250379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39881"
},
{
"cve": "CVE-2025-39895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix sched_numa_find_nth_cpu() if mask offline\n\nsched_numa_find_nth_cpu() uses a bsearch to look for the \u0027closest\u0027\nCPU in sched_domains_numa_masks and given cpus mask. However they\nmight not intersect if all CPUs in the cpus mask are offline. bsearch\nwill return NULL in that case, bail out instead of dereferencing a\nbogus pointer.\n\nThe previous behaviour lead to this bug when using maxcpus=4 on an\nrk3399 (LLLLbb) (i.e. booting with all big CPUs offline):\n\n[ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000\n[ 1.423635] Mem abort info:\n[ 1.423889] ESR = 0x0000000096000006\n[ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.424715] SET = 0, FnV = 0\n[ 1.424995] EA = 0, S1PTW = 0\n[ 1.425279] FSC = 0x06: level 2 translation fault\n[ 1.425735] Data abort info:\n[ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000\n[ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000\n[ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP\n[ 1.429525] Modules linked in:\n[ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT\n[ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT)\n[ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488\n[ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488\n[ 1.432543] sp : ffffffc084e1b960\n[ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0\n[ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378\n[ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff\n[ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7\n[ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372\n[ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860\n[ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000\n[ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68\n[ 1.439332] Call trace:\n[ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P)\n[ 1.440016] smp_call_function_any+0xc8/0xd0\n[ 1.440416] armv8_pmu_init+0x58/0x27c\n[ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c\n[ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8\n[ 1.441603] armv8_pmu_device_probe+0x1c/0x28\n[ 1.442007] platform_probe+0x5c/0xac\n[ 1.442347] really_probe+0xbc/0x298\n[ 1.442683] __driver_probe_device+0x78/0x12c\n[ 1.443087] driver_probe_device+0xdc/0x160\n[ 1.443475] __driver_attach+0x94/0x19c\n[ 1.443833] bus_for_each_dev+0x74/0xd4\n[ 1.444190] driver_attach+0x24/0x30\n[ 1.444525] bus_add_driver+0xe4/0x208\n[ 1.444874] driver_register+0x60/0x128\n[ 1.445233] __platform_driver_register+0x24/0x30\n[ 1.445662] armv8_pmu_driver_init+0x28/0x4c\n[ 1.446059] do_one_initcall+0x44/0x25c\n[ 1.446416] kernel_init_freeable+0x1dc/0x3bc\n[ 1.446820] kernel_init+0x20/0x1d8\n[ 1.447151] ret_from_fork+0x10/0x20\n[ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803)\n[ 1.448040] ---[ end trace 0000000000000000 ]---\n[ 1.448483] note: swapper/0[1] exited with preempt_count 1\n[ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 1.449741] SMP: stopping secondary CPUs\n[ 1.450105] Kernel Offset: disabled\n[ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39895",
"url": "https://www.suse.com/security/cve/CVE-2025-39895"
},
{
"category": "external",
"summary": "SUSE Bug 1250721 for CVE-2025-39895",
"url": "https://bugzilla.suse.com/1250721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39895"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39947",
"url": "https://www.suse.com/security/cve/CVE-2025-39947"
},
{
"category": "external",
"summary": "SUSE Bug 1251232 for CVE-2025-39947",
"url": "https://bugzilla.suse.com/1251232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39947"
},
{
"cve": "CVE-2025-39948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don\u0027t get added\nas fragments in ice_add_xdp_frag. Since the buffer isn\u0027t counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don\u0027t\ncall ice_put_rx_buf().\n\nBecause we don\u0027t call ice_put_rx_buf(), we don\u0027t attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don\u0027t\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn\u0027t check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39948",
"url": "https://www.suse.com/security/cve/CVE-2025-39948"
},
{
"category": "external",
"summary": "SUSE Bug 1251233 for CVE-2025-39948",
"url": "https://bugzilla.suse.com/1251233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39948"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-39965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn\u0027t remove those states from the byspi list,\nsince they shouldn\u0027t be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39965",
"url": "https://www.suse.com/security/cve/CVE-2025-39965"
},
{
"category": "external",
"summary": "SUSE Bug 1251967 for CVE-2025-39965",
"url": "https://bugzilla.suse.com/1251967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39965"
},
{
"cve": "CVE-2025-39967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39967",
"url": "https://www.suse.com/security/cve/CVE-2025-39967"
},
{
"category": "external",
"summary": "SUSE Bug 1252033 for CVE-2025-39967",
"url": "https://bugzilla.suse.com/1252033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39967"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39969",
"url": "https://www.suse.com/security/cve/CVE-2025-39969"
},
{
"category": "external",
"summary": "SUSE Bug 1252044 for CVE-2025-39969",
"url": "https://bugzilla.suse.com/1252044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39969"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don\u0027t think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39978",
"url": "https://www.suse.com/security/cve/CVE-2025-39978"
},
{
"category": "external",
"summary": "SUSE Bug 1252069 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "external",
"summary": "SUSE Bug 1252071 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-39978"
},
{
"cve": "CVE-2025-39981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn\u0027t been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39981",
"url": "https://www.suse.com/security/cve/CVE-2025-39981"
},
{
"category": "external",
"summary": "SUSE Bug 1252060 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "external",
"summary": "SUSE Bug 1252061 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-39981"
},
{
"cve": "CVE-2025-39982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39982",
"url": "https://www.suse.com/security/cve/CVE-2025-39982"
},
{
"category": "external",
"summary": "SUSE Bug 1252083 for CVE-2025-39982",
"url": "https://bugzilla.suse.com/1252083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39982"
},
{
"cve": "CVE-2025-39985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39985",
"url": "https://www.suse.com/security/cve/CVE-2025-39985"
},
{
"category": "external",
"summary": "SUSE Bug 1252082 for CVE-2025-39985",
"url": "https://bugzilla.suse.com/1252082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39985"
},
{
"cve": "CVE-2025-39986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39986",
"url": "https://www.suse.com/security/cve/CVE-2025-39986"
},
{
"category": "external",
"summary": "SUSE Bug 1252078 for CVE-2025-39986",
"url": "https://bugzilla.suse.com/1252078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39986"
},
{
"cve": "CVE-2025-39987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39987",
"url": "https://www.suse.com/security/cve/CVE-2025-39987"
},
{
"category": "external",
"summary": "SUSE Bug 1252079 for CVE-2025-39987",
"url": "https://bugzilla.suse.com/1252079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39987"
},
{
"cve": "CVE-2025-39988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39988",
"url": "https://www.suse.com/security/cve/CVE-2025-39988"
},
{
"category": "external",
"summary": "SUSE Bug 1252074 for CVE-2025-39988",
"url": "https://bugzilla.suse.com/1252074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39988"
},
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40005",
"url": "https://www.suse.com/security/cve/CVE-2025-40005"
},
{
"category": "external",
"summary": "SUSE Bug 1252349 for CVE-2025-40005",
"url": "https://bugzilla.suse.com/1252349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40005"
},
{
"cve": "CVE-2025-40010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix potential null pointer dereference in afs_put_server\n\nafs_put_server() accessed server-\u003edebug_id before the NULL check, which\ncould lead to a null pointer dereference. Move the debug_id assignment,\nensuring we never dereference a NULL server pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40010",
"url": "https://www.suse.com/security/cve/CVE-2025-40010"
},
{
"category": "external",
"summary": "SUSE Bug 1252332 for CVE-2025-40010",
"url": "https://bugzilla.suse.com/1252332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40010"
},
{
"cve": "CVE-2025-40011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40011",
"url": "https://www.suse.com/security/cve/CVE-2025-40011"
},
{
"category": "external",
"summary": "SUSE Bug 1252336 for CVE-2025-40011",
"url": "https://bugzilla.suse.com/1252336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40011"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40020",
"url": "https://www.suse.com/security/cve/CVE-2025-40020"
},
{
"category": "external",
"summary": "SUSE Bug 1252679 for CVE-2025-40020",
"url": "https://bugzilla.suse.com/1252679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40020"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: restrict sockets to TCP and UDP\n\nRecently, syzbot started to abuse NBD with all kinds of sockets.\n\nCommit cf1b2326b734 (\"nbd: verify socket is supported during setup\")\nmade sure the socket supported a shutdown() method.\n\nExplicitely accept TCP and UNIX stream sockets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40080",
"url": "https://www.suse.com/security/cve/CVE-2025-40080"
},
{
"category": "external",
"summary": "SUSE Bug 1252774 for CVE-2025-40080",
"url": "https://bugzilla.suse.com/1252774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40080"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:cluster-md-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:dlm-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:gfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-devel-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-extra-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-azure-optional-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-azure-vdso-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kernel-devel-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-source-azure-6.4.0-150600.8.55.1.noarch",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kernel-syms-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:kselftests-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:ocfs2-kmp-azure-6.4.0-150600.8.55.1.x86_64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.aarch64",
"openSUSE Leap 15.6:reiserfs-kmp-azure-6.4.0-150600.8.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-18T13:51:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
}
]
}
SUSE-SU-2025:4189-1
Vulnerability from csaf_suse - Published: 2025-11-24 09:18 - Updated: 2025-11-24 09:18Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2021-4460: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (bsc#1250764).
- CVE-2022-48631: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2022-50236: iommu/mediatek: Fix crash on isr after kexec() (bsc#1249702).
- CVE-2022-50249: memory: of: Fix refcount leak bug in of_get_ddr_timings() (bsc#1249747).
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2022-50293: btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range (bsc#1249752).
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50350: scsi: target: iscsi: Fix a race condition between login_work and the login thread (bsc#1250261).
- CVE-2022-50356: net: sched: sfb: fix null pointer access issue when sfb_init() fails (bsc#1250040).
- CVE-2022-50367: fs: fix UAF/GPF bug in nilfs_mdt_destroy (bsc#1250277).
- CVE-2022-50394: i2c: ismt: Fix an out-of-bounds bug in ismt_access() (bsc#1250107).
- CVE-2022-50395: integrity: Fix memory leakage in keyring allocation error path (bsc#1250211).
- CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250784).
- CVE-2022-50443: drm/rockchip: lvds: fix PM usage counter unbalance in poweron (bsc#1250768).
- CVE-2022-50459: scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1250850).
- CVE-2022-50481: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() (bsc#1251051).
- CVE-2022-50485: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1251197).
- CVE-2022-50505: iommu/amd: Fix pci device refcount leak in ppr_notifier() (bsc#1251086).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2022-50542: media: si470x: Fix use-after-free in si470x_int_in_callback() (bsc#1251330).
- CVE-2022-50571: btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure (bsc#1252487).
- CVE-2023-53183: btrfs: exit gracefully if reloc roots don't match (bsc#1249863).
- CVE-2023-53185: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (bsc#1249820).
- CVE-2023-53188: net: openvswitch: fix race on port output (bsc#1249854).
- CVE-2023-53191: irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains (bsc#1249721).
- CVE-2023-53204: af_unix: Fix data-races around user->unix_inflight (bsc#1249682).
- CVE-2023-53271: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() (bsc#1249916).
- CVE-2023-53282: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1250311).
- CVE-2023-53289: media: bdisp: Add missing check for create_workqueue (bsc#1249941).
- CVE-2023-53292: blk-mq: protect q->elevator by ->sysfs_lock in blk_mq_elv_switch_none (bsc#1250163).
- CVE-2023-53338: lwt: Fix return values of BPF xmit ops (bsc#1250074).
- CVE-2023-53339: btrfs: fix BUG_ON condition in btrfs_cancel_balance (bsc#1250329).
- CVE-2023-53373: crypto: seqiv - Handle EBUSY correctly (bsc#1250137).
- CVE-2023-53433: net: add vlan_get_protocol_and_depth() helper (bsc#1250164).
- CVE-2023-53476: iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (bsc#1250839).
- CVE-2023-53477: ipv6: Add lwtunnel encap size of all siblings in nexthop calculation (bsc#1250840).
- CVE-2023-53484: lib: cpu_rmap: Avoid use after free on rmap->obj array entries (bsc#1250895).
- CVE-2023-53517: tipc: do not update mtu if msg_max is too small in mtu negotiation (bsc#1250919).
- CVE-2023-53519: media: v4l2-mem2mem: add lock to protect parameter num_rdy (bsc#1250964).
- CVE-2023-53540: wifi: cfg80211: reject auth/assoc to AP with our address (bsc#1251053).
- CVE-2023-53548: net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (bsc#1251066).
- CVE-2023-53556: iavf: Fix use-after-free in free_netdev (bsc#1251059).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53582: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (bsc#1251061).
- CVE-2023-53589: wifi: iwlwifi: mvm: don't trust firmware n_channels (bsc#1251129).
- CVE-2023-53593: cifs: Release folio lock on fscache read hit (bsc#1251132).
- CVE-2023-53594: driver core: fix resource leak in device_add() (bsc#1251166).
- CVE-2023-53596: drivers: base: Free devm resources when unregistering a device (bsc#1251161).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53620: md: fix soft lockup in status_resync.
- CVE-2023-53624: net/sched: sch_fq: fix integer overflow of 'credit' (bsc#1251333).
- CVE-2023-53635: netfilter: conntrack: fix wrong ct->timeout value (bsc#1251524).
- CVE-2023-53648: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (bsc#1251750).
- CVE-2023-53687: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (bsc#1251772).
- CVE-2023-53695: udf: Detect system inodes linked into directory hierarchy (bsc#1252539).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2023-53707: drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (bsc#1252632).
- CVE-2023-53715: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (bsc#1252545).
- CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252560).
- CVE-2023-53733: net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode (bsc#1252685).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38680: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (bsc#1249203).
- CVE-2025-38691: pNFS: Fix uninited ptr deref in block/scsi layout (bsc#1249215).
- CVE-2025-38695: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1249285).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38714: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (bsc#1249260).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-38724: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (bsc#1249169).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39724: serial: 8250: fix panic due to PSLVERR (bsc#1249265).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39772: drm/hisilicon/hibmc: fix the hibmc loaded failed bug (bsc#1249506).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39841: scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250274).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39923: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (bsc#1250741).
- CVE-2025-39929: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path (bsc#1251036).
- CVE-2025-39931: crypto: af_alg - Set merge to zero early in af_alg_sendmsg (bsc#1251100).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39970: i40e: Fix filter input checks to prevent config with invalid values (bsc#1252051).
- CVE-2025-39971: i40e: Add bounds check for ch[] array (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39997: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (bsc#1252056).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40049: Squashfs: fix uninit-value in squashfs_get_parent (bsc#1252822).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40082: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1252775).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
The following non security issues were fixed:
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
- openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1249854)
Patchnames
SUSE-2025-4189,SUSE-SLE-Live-Patching-12-SP5-2025-4189,SUSE-SLE-SERVER-12-SP5-LTSS-2025-4189,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4189
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2021-4460: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (bsc#1250764).\n- CVE-2022-48631: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth \u003e 0 (bsc#1223475).\n- CVE-2022-50236: iommu/mediatek: Fix crash on isr after kexec() (bsc#1249702).\n- CVE-2022-50249: memory: of: Fix refcount leak bug in of_get_ddr_timings() (bsc#1249747).\n- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).\n- CVE-2022-50293: btrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range (bsc#1249752).\n- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).\n- CVE-2022-50350: scsi: target: iscsi: Fix a race condition between login_work and the login thread (bsc#1250261).\n- CVE-2022-50356: net: sched: sfb: fix null pointer access issue when sfb_init() fails (bsc#1250040).\n- CVE-2022-50367: fs: fix UAF/GPF bug in nilfs_mdt_destroy (bsc#1250277).\n- CVE-2022-50394: i2c: ismt: Fix an out-of-bounds bug in ismt_access() (bsc#1250107).\n- CVE-2022-50395: integrity: Fix memory leakage in keyring allocation error path (bsc#1250211).\n- CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250784).\n- CVE-2022-50443: drm/rockchip: lvds: fix PM usage counter unbalance in poweron (bsc#1250768).\n- CVE-2022-50459: scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1250850).\n- CVE-2022-50481: cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() (bsc#1251051).\n- CVE-2022-50485: ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1251197).\n- CVE-2022-50505: iommu/amd: Fix pci device refcount leak in ppr_notifier() (bsc#1251086).\n- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).\n- CVE-2022-50542: media: si470x: Fix use-after-free in si470x_int_in_callback() (bsc#1251330).\n- CVE-2022-50571: btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure (bsc#1252487).\n- CVE-2023-53183: btrfs: exit gracefully if reloc roots don\u0027t match (bsc#1249863).\n- CVE-2023-53185: wifi: ath9k: don\u0027t allow to overwrite ENDPOINT0 attributes (bsc#1249820).\n- CVE-2023-53188: net: openvswitch: fix race on port output (bsc#1249854).\n- CVE-2023-53191: irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains (bsc#1249721).\n- CVE-2023-53204: af_unix: Fix data-races around user-\u003eunix_inflight (bsc#1249682).\n- CVE-2023-53271: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() (bsc#1249916).\n- CVE-2023-53282: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1250311).\n- CVE-2023-53289: media: bdisp: Add missing check for create_workqueue (bsc#1249941).\n- CVE-2023-53292: blk-mq: protect q-\u003eelevator by -\u003esysfs_lock in blk_mq_elv_switch_none (bsc#1250163).\n- CVE-2023-53338: lwt: Fix return values of BPF xmit ops (bsc#1250074).\n- CVE-2023-53339: btrfs: fix BUG_ON condition in btrfs_cancel_balance (bsc#1250329).\n- CVE-2023-53373: crypto: seqiv - Handle EBUSY correctly (bsc#1250137).\n- CVE-2023-53433: net: add vlan_get_protocol_and_depth() helper (bsc#1250164).\n- CVE-2023-53476: iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (bsc#1250839).\n- CVE-2023-53477: ipv6: Add lwtunnel encap size of all siblings in nexthop calculation (bsc#1250840).\n- CVE-2023-53484: lib: cpu_rmap: Avoid use after free on rmap-\u003eobj array entries (bsc#1250895).\n- CVE-2023-53517: tipc: do not update mtu if msg_max is too small in mtu negotiation (bsc#1250919).\n- CVE-2023-53519: media: v4l2-mem2mem: add lock to protect parameter num_rdy (bsc#1250964).\n- CVE-2023-53540: wifi: cfg80211: reject auth/assoc to AP with our address (bsc#1251053).\n- CVE-2023-53548: net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (bsc#1251066).\n- CVE-2023-53556: iavf: Fix use-after-free in free_netdev (bsc#1251059).\n- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).\n- CVE-2023-53582: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (bsc#1251061).\n- CVE-2023-53589: wifi: iwlwifi: mvm: don\u0027t trust firmware n_channels (bsc#1251129).\n- CVE-2023-53593: cifs: Release folio lock on fscache read hit (bsc#1251132).\n- CVE-2023-53594: driver core: fix resource leak in device_add() (bsc#1251166).\n- CVE-2023-53596: drivers: base: Free devm resources when unregistering a device (bsc#1251161).\n- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).\n- CVE-2023-53620: md: fix soft lockup in status_resync.\n- CVE-2023-53624: net/sched: sch_fq: fix integer overflow of \u0027credit\u0027 (bsc#1251333).\n- CVE-2023-53635: netfilter: conntrack: fix wrong ct-\u003etimeout value (bsc#1251524).\n- CVE-2023-53648: ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (bsc#1251750).\n- CVE-2023-53687: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (bsc#1251772).\n- CVE-2023-53695: udf: Detect system inodes linked into directory hierarchy (bsc#1252539).\n- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).\n- CVE-2023-53707: drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (bsc#1252632).\n- CVE-2023-53715: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (bsc#1252545).\n- CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252560).\n- CVE-2023-53733: net: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode (bsc#1252685).\n- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).\n- CVE-2025-38680: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (bsc#1249203).\n- CVE-2025-38691: pNFS: Fix uninited ptr deref in block/scsi layout (bsc#1249215).\n- CVE-2025-38695: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1249285).\n- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38714: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (bsc#1249260).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-38724: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (bsc#1249169).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39724: serial: 8250: fix panic due to PSLVERR (bsc#1249265).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39772: drm/hisilicon/hibmc: fix the hibmc loaded failed bug (bsc#1249506).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).\n- CVE-2025-39841: scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250274).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39923: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (bsc#1250741).\n- CVE-2025-39929: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path (bsc#1251036).\n- CVE-2025-39931: crypto: af_alg - Set merge to zero early in af_alg_sendmsg (bsc#1251100).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39970: i40e: Fix filter input checks to prevent config with invalid values (bsc#1252051).\n- CVE-2025-39971: i40e: Add bounds check for ch[] array (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39997: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (bsc#1252056).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).\n- CVE-2025-40049: Squashfs: fix uninit-value in squashfs_get_parent (bsc#1252822).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40082: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1252775).\n- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).\n\nThe following non security issues were fixed:\n\n- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).\n- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).\n- openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1249854)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4189,SUSE-SLE-Live-Patching-12-SP5-2025-4189,SUSE-SLE-SERVER-12-SP5-LTSS-2025-4189,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-4189",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4189-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4189-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254189-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4189-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023334.html"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1154048",
"url": "https://bugzilla.suse.com/1154048"
},
{
"category": "self",
"summary": "SUSE Bug 1205128",
"url": "https://bugzilla.suse.com/1205128"
},
{
"category": "self",
"summary": "SUSE Bug 1210124",
"url": "https://bugzilla.suse.com/1210124"
},
{
"category": "self",
"summary": "SUSE Bug 1212175",
"url": "https://bugzilla.suse.com/1212175"
},
{
"category": "self",
"summary": "SUSE Bug 1213747",
"url": "https://bugzilla.suse.com/1213747"
},
{
"category": "self",
"summary": "SUSE Bug 1215136",
"url": "https://bugzilla.suse.com/1215136"
},
{
"category": "self",
"summary": "SUSE Bug 1215152",
"url": "https://bugzilla.suse.com/1215152"
},
{
"category": "self",
"summary": "SUSE Bug 1223475",
"url": "https://bugzilla.suse.com/1223475"
},
{
"category": "self",
"summary": "SUSE Bug 1235485",
"url": "https://bugzilla.suse.com/1235485"
},
{
"category": "self",
"summary": "SUSE Bug 1247518",
"url": "https://bugzilla.suse.com/1247518"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249169",
"url": "https://bugzilla.suse.com/1249169"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249203",
"url": "https://bugzilla.suse.com/1249203"
},
{
"category": "self",
"summary": "SUSE Bug 1249215",
"url": "https://bugzilla.suse.com/1249215"
},
{
"category": "self",
"summary": "SUSE Bug 1249224",
"url": "https://bugzilla.suse.com/1249224"
},
{
"category": "self",
"summary": "SUSE Bug 1249260",
"url": "https://bugzilla.suse.com/1249260"
},
{
"category": "self",
"summary": "SUSE Bug 1249265",
"url": "https://bugzilla.suse.com/1249265"
},
{
"category": "self",
"summary": "SUSE Bug 1249285",
"url": "https://bugzilla.suse.com/1249285"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249506",
"url": "https://bugzilla.suse.com/1249506"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249682",
"url": "https://bugzilla.suse.com/1249682"
},
{
"category": "self",
"summary": "SUSE Bug 1249702",
"url": "https://bugzilla.suse.com/1249702"
},
{
"category": "self",
"summary": "SUSE Bug 1249721",
"url": "https://bugzilla.suse.com/1249721"
},
{
"category": "self",
"summary": "SUSE Bug 1249747",
"url": "https://bugzilla.suse.com/1249747"
},
{
"category": "self",
"summary": "SUSE Bug 1249752",
"url": "https://bugzilla.suse.com/1249752"
},
{
"category": "self",
"summary": "SUSE Bug 1249806",
"url": "https://bugzilla.suse.com/1249806"
},
{
"category": "self",
"summary": "SUSE Bug 1249820",
"url": "https://bugzilla.suse.com/1249820"
},
{
"category": "self",
"summary": "SUSE Bug 1249854",
"url": "https://bugzilla.suse.com/1249854"
},
{
"category": "self",
"summary": "SUSE Bug 1249859",
"url": "https://bugzilla.suse.com/1249859"
},
{
"category": "self",
"summary": "SUSE Bug 1249863",
"url": "https://bugzilla.suse.com/1249863"
},
{
"category": "self",
"summary": "SUSE Bug 1249916",
"url": "https://bugzilla.suse.com/1249916"
},
{
"category": "self",
"summary": "SUSE Bug 1249941",
"url": "https://bugzilla.suse.com/1249941"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250040",
"url": "https://bugzilla.suse.com/1250040"
},
{
"category": "self",
"summary": "SUSE Bug 1250074",
"url": "https://bugzilla.suse.com/1250074"
},
{
"category": "self",
"summary": "SUSE Bug 1250107",
"url": "https://bugzilla.suse.com/1250107"
},
{
"category": "self",
"summary": "SUSE Bug 1250137",
"url": "https://bugzilla.suse.com/1250137"
},
{
"category": "self",
"summary": "SUSE Bug 1250163",
"url": "https://bugzilla.suse.com/1250163"
},
{
"category": "self",
"summary": "SUSE Bug 1250164",
"url": "https://bugzilla.suse.com/1250164"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250211",
"url": "https://bugzilla.suse.com/1250211"
},
{
"category": "self",
"summary": "SUSE Bug 1250261",
"url": "https://bugzilla.suse.com/1250261"
},
{
"category": "self",
"summary": "SUSE Bug 1250274",
"url": "https://bugzilla.suse.com/1250274"
},
{
"category": "self",
"summary": "SUSE Bug 1250277",
"url": "https://bugzilla.suse.com/1250277"
},
{
"category": "self",
"summary": "SUSE Bug 1250311",
"url": "https://bugzilla.suse.com/1250311"
},
{
"category": "self",
"summary": "SUSE Bug 1250329",
"url": "https://bugzilla.suse.com/1250329"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250741",
"url": "https://bugzilla.suse.com/1250741"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250764",
"url": "https://bugzilla.suse.com/1250764"
},
{
"category": "self",
"summary": "SUSE Bug 1250768",
"url": "https://bugzilla.suse.com/1250768"
},
{
"category": "self",
"summary": "SUSE Bug 1250784",
"url": "https://bugzilla.suse.com/1250784"
},
{
"category": "self",
"summary": "SUSE Bug 1250839",
"url": "https://bugzilla.suse.com/1250839"
},
{
"category": "self",
"summary": "SUSE Bug 1250840",
"url": "https://bugzilla.suse.com/1250840"
},
{
"category": "self",
"summary": "SUSE Bug 1250850",
"url": "https://bugzilla.suse.com/1250850"
},
{
"category": "self",
"summary": "SUSE Bug 1250895",
"url": "https://bugzilla.suse.com/1250895"
},
{
"category": "self",
"summary": "SUSE Bug 1250919",
"url": "https://bugzilla.suse.com/1250919"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1250964",
"url": "https://bugzilla.suse.com/1250964"
},
{
"category": "self",
"summary": "SUSE Bug 1251035",
"url": "https://bugzilla.suse.com/1251035"
},
{
"category": "self",
"summary": "SUSE Bug 1251036",
"url": "https://bugzilla.suse.com/1251036"
},
{
"category": "self",
"summary": "SUSE Bug 1251051",
"url": "https://bugzilla.suse.com/1251051"
},
{
"category": "self",
"summary": "SUSE Bug 1251052",
"url": "https://bugzilla.suse.com/1251052"
},
{
"category": "self",
"summary": "SUSE Bug 1251053",
"url": "https://bugzilla.suse.com/1251053"
},
{
"category": "self",
"summary": "SUSE Bug 1251059",
"url": "https://bugzilla.suse.com/1251059"
},
{
"category": "self",
"summary": "SUSE Bug 1251061",
"url": "https://bugzilla.suse.com/1251061"
},
{
"category": "self",
"summary": "SUSE Bug 1251066",
"url": "https://bugzilla.suse.com/1251066"
},
{
"category": "self",
"summary": "SUSE Bug 1251072",
"url": "https://bugzilla.suse.com/1251072"
},
{
"category": "self",
"summary": "SUSE Bug 1251080",
"url": "https://bugzilla.suse.com/1251080"
},
{
"category": "self",
"summary": "SUSE Bug 1251086",
"url": "https://bugzilla.suse.com/1251086"
},
{
"category": "self",
"summary": "SUSE Bug 1251088",
"url": "https://bugzilla.suse.com/1251088"
},
{
"category": "self",
"summary": "SUSE Bug 1251091",
"url": "https://bugzilla.suse.com/1251091"
},
{
"category": "self",
"summary": "SUSE Bug 1251099",
"url": "https://bugzilla.suse.com/1251099"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251113",
"url": "https://bugzilla.suse.com/1251113"
},
{
"category": "self",
"summary": "SUSE Bug 1251123",
"url": "https://bugzilla.suse.com/1251123"
},
{
"category": "self",
"summary": "SUSE Bug 1251128",
"url": "https://bugzilla.suse.com/1251128"
},
{
"category": "self",
"summary": "SUSE Bug 1251129",
"url": "https://bugzilla.suse.com/1251129"
},
{
"category": "self",
"summary": "SUSE Bug 1251132",
"url": "https://bugzilla.suse.com/1251132"
},
{
"category": "self",
"summary": "SUSE Bug 1251161",
"url": "https://bugzilla.suse.com/1251161"
},
{
"category": "self",
"summary": "SUSE Bug 1251166",
"url": "https://bugzilla.suse.com/1251166"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251180",
"url": "https://bugzilla.suse.com/1251180"
},
{
"category": "self",
"summary": "SUSE Bug 1251182",
"url": "https://bugzilla.suse.com/1251182"
},
{
"category": "self",
"summary": "SUSE Bug 1251197",
"url": "https://bugzilla.suse.com/1251197"
},
{
"category": "self",
"summary": "SUSE Bug 1251202",
"url": "https://bugzilla.suse.com/1251202"
},
{
"category": "self",
"summary": "SUSE Bug 1251208",
"url": "https://bugzilla.suse.com/1251208"
},
{
"category": "self",
"summary": "SUSE Bug 1251210",
"url": "https://bugzilla.suse.com/1251210"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251283",
"url": "https://bugzilla.suse.com/1251283"
},
{
"category": "self",
"summary": "SUSE Bug 1251286",
"url": "https://bugzilla.suse.com/1251286"
},
{
"category": "self",
"summary": "SUSE Bug 1251292",
"url": "https://bugzilla.suse.com/1251292"
},
{
"category": "self",
"summary": "SUSE Bug 1251293",
"url": "https://bugzilla.suse.com/1251293"
},
{
"category": "self",
"summary": "SUSE Bug 1251294",
"url": "https://bugzilla.suse.com/1251294"
},
{
"category": "self",
"summary": "SUSE Bug 1251300",
"url": "https://bugzilla.suse.com/1251300"
},
{
"category": "self",
"summary": "SUSE Bug 1251325",
"url": "https://bugzilla.suse.com/1251325"
},
{
"category": "self",
"summary": "SUSE Bug 1251329",
"url": "https://bugzilla.suse.com/1251329"
},
{
"category": "self",
"summary": "SUSE Bug 1251330",
"url": "https://bugzilla.suse.com/1251330"
},
{
"category": "self",
"summary": "SUSE Bug 1251333",
"url": "https://bugzilla.suse.com/1251333"
},
{
"category": "self",
"summary": "SUSE Bug 1251522",
"url": "https://bugzilla.suse.com/1251522"
},
{
"category": "self",
"summary": "SUSE Bug 1251524",
"url": "https://bugzilla.suse.com/1251524"
},
{
"category": "self",
"summary": "SUSE Bug 1251550",
"url": "https://bugzilla.suse.com/1251550"
},
{
"category": "self",
"summary": "SUSE Bug 1251725",
"url": "https://bugzilla.suse.com/1251725"
},
{
"category": "self",
"summary": "SUSE Bug 1251732",
"url": "https://bugzilla.suse.com/1251732"
},
{
"category": "self",
"summary": "SUSE Bug 1251736",
"url": "https://bugzilla.suse.com/1251736"
},
{
"category": "self",
"summary": "SUSE Bug 1251741",
"url": "https://bugzilla.suse.com/1251741"
},
{
"category": "self",
"summary": "SUSE Bug 1251743",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "self",
"summary": "SUSE Bug 1251750",
"url": "https://bugzilla.suse.com/1251750"
},
{
"category": "self",
"summary": "SUSE Bug 1251761",
"url": "https://bugzilla.suse.com/1251761"
},
{
"category": "self",
"summary": "SUSE Bug 1251769",
"url": "https://bugzilla.suse.com/1251769"
},
{
"category": "self",
"summary": "SUSE Bug 1251772",
"url": "https://bugzilla.suse.com/1251772"
},
{
"category": "self",
"summary": "SUSE Bug 1251777",
"url": "https://bugzilla.suse.com/1251777"
},
{
"category": "self",
"summary": "SUSE Bug 1251780",
"url": "https://bugzilla.suse.com/1251780"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252480",
"url": "https://bugzilla.suse.com/1252480"
},
{
"category": "self",
"summary": "SUSE Bug 1252487",
"url": "https://bugzilla.suse.com/1252487"
},
{
"category": "self",
"summary": "SUSE Bug 1252499",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "self",
"summary": "SUSE Bug 1252513",
"url": "https://bugzilla.suse.com/1252513"
},
{
"category": "self",
"summary": "SUSE Bug 1252538",
"url": "https://bugzilla.suse.com/1252538"
},
{
"category": "self",
"summary": "SUSE Bug 1252539",
"url": "https://bugzilla.suse.com/1252539"
},
{
"category": "self",
"summary": "SUSE Bug 1252545",
"url": "https://bugzilla.suse.com/1252545"
},
{
"category": "self",
"summary": "SUSE Bug 1252549",
"url": "https://bugzilla.suse.com/1252549"
},
{
"category": "self",
"summary": "SUSE Bug 1252554",
"url": "https://bugzilla.suse.com/1252554"
},
{
"category": "self",
"summary": "SUSE Bug 1252560",
"url": "https://bugzilla.suse.com/1252560"
},
{
"category": "self",
"summary": "SUSE Bug 1252632",
"url": "https://bugzilla.suse.com/1252632"
},
{
"category": "self",
"summary": "SUSE Bug 1252685",
"url": "https://bugzilla.suse.com/1252685"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252775",
"url": "https://bugzilla.suse.com/1252775"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252893",
"url": "https://bugzilla.suse.com/1252893"
},
{
"category": "self",
"summary": "SUSE Bug 1252904",
"url": "https://bugzilla.suse.com/1252904"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4460 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-43945 page",
"url": "https://www.suse.com/security/cve/CVE-2022-43945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-48631 page",
"url": "https://www.suse.com/security/cve/CVE-2022-48631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50236 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50249 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50280 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50293 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50327 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50327/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50350 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50356 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50367 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50394 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50394/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50395 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50423 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50423/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50443 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50443/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50459 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50470 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50470/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50481 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50485 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50487 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50493 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50496 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50501 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50504 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50505 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50509 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50516 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50532 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50532/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50534 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50534/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50536 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50537 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50542 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50544 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50544/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50549 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50549/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50563 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50564 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50564/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50571 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-50581 page",
"url": "https://www.suse.com/security/cve/CVE-2022-50581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53183 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53185 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53188 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53191 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53204 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53271 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53282 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53289 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53292 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53338 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53339 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53373 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53433 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53433/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53476 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53476/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53477 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53484 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53484/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53517 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53517/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53519 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53519/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53533 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53540 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53556 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53564 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53564/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53568 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53582 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53587 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53589 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53594 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53596 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53603 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53604 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53611 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53620 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53624 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53635 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53635/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53644 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53647 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53667 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53667/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53672 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53675 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53681 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53683 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53687 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53695 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53696 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53705 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53707 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53715 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53717 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53717/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-7324 page",
"url": "https://www.suse.com/security/cve/CVE-2023-7324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56633 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38691 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38695 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39929 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-24T09:18:05Z",
"generator": {
"date": "2025-11-24T09:18:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4189-1",
"initial_release_date": "2025-11-24T09:18:05Z",
"revision_history": [
{
"date": "2025-11-24T09:18:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"product_id": "cluster-md-kmp-default-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.280.1.aarch64",
"product": {
"name": "dlm-kmp-default-4.12.14-122.280.1.aarch64",
"product_id": "dlm-kmp-default-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"product_id": "gfs2-kmp-default-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-default-4.12.14-122.280.1.aarch64",
"product_id": "kernel-default-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-default-base-4.12.14-122.280.1.aarch64",
"product_id": "kernel-default-base-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-default-devel-4.12.14-122.280.1.aarch64",
"product_id": "kernel-default-devel-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-default-extra-4.12.14-122.280.1.aarch64",
"product_id": "kernel-default-extra-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.280.1.aarch64",
"product_id": "kernel-default-kgraft-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-obs-build-4.12.14-122.280.1.aarch64",
"product_id": "kernel-obs-build-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-obs-qa-4.12.14-122.280.1.aarch64",
"product_id": "kernel-obs-qa-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-syms-4.12.14-122.280.1.aarch64",
"product_id": "kernel-syms-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-vanilla-4.12.14-122.280.1.aarch64",
"product_id": "kernel-vanilla-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.280.1.aarch64",
"product_id": "kernel-vanilla-base-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.280.1.aarch64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.280.1.aarch64",
"product_id": "kernel-vanilla-devel-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.280.1.aarch64",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.280.1.aarch64",
"product_id": "kselftests-kmp-default-4.12.14-122.280.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"product_id": "ocfs2-kmp-default-4.12.14-122.280.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-4.12.14-122.280.1.noarch",
"product": {
"name": "kernel-devel-4.12.14-122.280.1.noarch",
"product_id": "kernel-devel-4.12.14-122.280.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-4.12.14-122.280.2.noarch",
"product": {
"name": "kernel-docs-4.12.14-122.280.2.noarch",
"product_id": "kernel-docs-4.12.14-122.280.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-4.12.14-122.280.2.noarch",
"product": {
"name": "kernel-docs-html-4.12.14-122.280.2.noarch",
"product_id": "kernel-docs-html-4.12.14-122.280.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-4.12.14-122.280.1.noarch",
"product": {
"name": "kernel-macros-4.12.14-122.280.1.noarch",
"product_id": "kernel-macros-4.12.14-122.280.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-4.12.14-122.280.1.noarch",
"product": {
"name": "kernel-source-4.12.14-122.280.1.noarch",
"product_id": "kernel-source-4.12.14-122.280.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-4.12.14-122.280.1.noarch",
"product": {
"name": "kernel-source-vanilla-4.12.14-122.280.1.noarch",
"product_id": "kernel-source-vanilla-4.12.14-122.280.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"product_id": "cluster-md-kmp-default-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"product": {
"name": "dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"product_id": "dlm-kmp-default-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"product_id": "gfs2-kmp-default-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-default-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-default-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-default-base-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-default-base-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-default-devel-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-default-devel-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-default-extra-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-default-extra-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-default-kgraft-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-obs-build-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-obs-build-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-obs-qa-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-obs-qa-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-syms-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-syms-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-vanilla-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-vanilla-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-vanilla-base-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.280.1.ppc64le",
"product_id": "kernel-vanilla-devel-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.280.1.ppc64le",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.280.1.ppc64le",
"product_id": "kselftests-kmp-default-4.12.14-122.280.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"product_id": "ocfs2-kmp-default-4.12.14-122.280.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"product_id": "cluster-md-kmp-default-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.280.1.s390x",
"product": {
"name": "dlm-kmp-default-4.12.14-122.280.1.s390x",
"product_id": "dlm-kmp-default-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.280.1.s390x",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.280.1.s390x",
"product_id": "gfs2-kmp-default-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-default-4.12.14-122.280.1.s390x",
"product_id": "kernel-default-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-default-base-4.12.14-122.280.1.s390x",
"product_id": "kernel-default-base-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-default-devel-4.12.14-122.280.1.s390x",
"product_id": "kernel-default-devel-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-default-extra-4.12.14-122.280.1.s390x",
"product_id": "kernel-default-extra-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.280.1.s390x",
"product_id": "kernel-default-kgraft-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"product_id": "kernel-default-kgraft-devel-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-man-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-default-man-4.12.14-122.280.1.s390x",
"product_id": "kernel-default-man-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-obs-build-4.12.14-122.280.1.s390x",
"product_id": "kernel-obs-build-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-obs-qa-4.12.14-122.280.1.s390x",
"product_id": "kernel-obs-qa-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-syms-4.12.14-122.280.1.s390x",
"product_id": "kernel-syms-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-vanilla-4.12.14-122.280.1.s390x",
"product_id": "kernel-vanilla-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.280.1.s390x",
"product_id": "kernel-vanilla-base-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.280.1.s390x",
"product_id": "kernel-vanilla-devel-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-zfcpdump-4.12.14-122.280.1.s390x",
"product_id": "kernel-zfcpdump-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-man-4.12.14-122.280.1.s390x",
"product": {
"name": "kernel-zfcpdump-man-4.12.14-122.280.1.s390x",
"product_id": "kernel-zfcpdump-man-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.280.1.s390x",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.280.1.s390x",
"product_id": "kselftests-kmp-default-4.12.14-122.280.1.s390x"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"product_id": "ocfs2-kmp-default-4.12.14-122.280.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"product": {
"name": "cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"product_id": "cluster-md-kmp-default-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-122.280.1.x86_64",
"product": {
"name": "dlm-kmp-default-4.12.14-122.280.1.x86_64",
"product_id": "dlm-kmp-default-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"product": {
"name": "gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"product_id": "gfs2-kmp-default-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-default-4.12.14-122.280.1.x86_64",
"product_id": "kernel-default-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-default-base-4.12.14-122.280.1.x86_64",
"product_id": "kernel-default-base-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-default-devel-4.12.14-122.280.1.x86_64",
"product_id": "kernel-default-devel-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-default-extra-4.12.14-122.280.1.x86_64",
"product_id": "kernel-default-extra-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"product_id": "kernel-default-kgraft-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"product_id": "kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-kvmsmall-4.12.14-122.280.1.x86_64",
"product_id": "kernel-kvmsmall-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-base-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-kvmsmall-base-4.12.14-122.280.1.x86_64",
"product_id": "kernel-kvmsmall-base-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-4.12.14-122.280.1.x86_64",
"product_id": "kernel-kvmsmall-devel-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-obs-build-4.12.14-122.280.1.x86_64",
"product_id": "kernel-obs-build-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-obs-qa-4.12.14-122.280.1.x86_64",
"product_id": "kernel-obs-qa-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-syms-4.12.14-122.280.1.x86_64",
"product_id": "kernel-syms-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-vanilla-4.12.14-122.280.1.x86_64",
"product_id": "kernel-vanilla-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-vanilla-base-4.12.14-122.280.1.x86_64",
"product_id": "kernel-vanilla-base-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-122.280.1.x86_64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-122.280.1.x86_64",
"product_id": "kernel-vanilla-devel-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-122.280.1.x86_64",
"product": {
"name": "kselftests-kmp-default-4.12.14-122.280.1.x86_64",
"product_id": "kselftests-kmp-default-4.12.14-122.280.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"product": {
"name": "ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"product_id": "ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-4.12.14-122.280.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le"
},
"product_reference": "kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x"
},
"product_reference": "kernel-default-kgraft-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64"
},
"product_reference": "kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le"
},
"product_reference": "kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-devel-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x"
},
"product_reference": "kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64"
},
"product_reference": "kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.280.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.280.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.280.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64"
},
"product_reference": "dlm-kmp-default-4.12.14-122.280.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.280.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le"
},
"product_reference": "dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x"
},
"product_reference": "dlm-kmp-default-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64"
},
"product_reference": "dlm-kmp-default-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.280.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.280.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.280.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64"
},
"product_reference": "kernel-default-4.12.14-122.280.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.280.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le"
},
"product_reference": "kernel-default-4.12.14-122.280.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x"
},
"product_reference": "kernel-default-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.280.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64"
},
"product_reference": "kernel-default-base-4.12.14-122.280.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.280.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le"
},
"product_reference": "kernel-default-base-4.12.14-122.280.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x"
},
"product_reference": "kernel-default-base-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.280.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64"
},
"product_reference": "kernel-default-devel-4.12.14-122.280.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.280.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le"
},
"product_reference": "kernel-default-devel-4.12.14-122.280.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x"
},
"product_reference": "kernel-default-devel-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-man-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x"
},
"product_reference": "kernel-default-man-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-122.280.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-122.280.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-122.280.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-122.280.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-122.280.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch"
},
"product_reference": "kernel-source-4.12.14-122.280.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.280.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64"
},
"product_reference": "kernel-syms-4.12.14-122.280.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.280.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le"
},
"product_reference": "kernel-syms-4.12.14-122.280.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x"
},
"product_reference": "kernel-syms-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.280.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.280.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.280.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64"
},
"product_reference": "dlm-kmp-default-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64"
},
"product_reference": "gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-122.280.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-122.280.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-122.280.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-122.280.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-122.280.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch"
},
"product_reference": "kernel-source-4.12.14-122.280.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-122.280.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-4460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4460"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix UBSAN shift-out-of-bounds warning\n\nIf get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, we end up\ndoing a shift operation where the number of bits shifted equals\nnumber of bits in the operand. This behaviour is undefined.\n\nSet num_sdma_queues or num_xgmi_sdma_queues to ULLONG_MAX, if the\ncount is \u003e= number of bits in the operand.\n\nBug: https://gitlab.freedesktop.org/drm/amd/-/issues/1472",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4460",
"url": "https://www.suse.com/security/cve/CVE-2021-4460"
},
{
"category": "external",
"summary": "SUSE Bug 1250764 for CVE-2021-4460",
"url": "https://bugzilla.suse.com/1250764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2021-4460"
},
{
"cve": "CVE-2022-43945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-43945"
}
],
"notes": [
{
"category": "general",
"text": "The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-43945",
"url": "https://www.suse.com/security/cve/CVE-2022-43945"
},
{
"category": "external",
"summary": "SUSE Bug 1205128 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1205128"
},
{
"category": "external",
"summary": "SUSE Bug 1205130 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1205130"
},
{
"category": "external",
"summary": "SUSE Bug 1208030 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1208030"
},
{
"category": "external",
"summary": "SUSE Bug 1208085 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1208085"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1209225"
},
{
"category": "external",
"summary": "SUSE Bug 1210124 for CVE-2022-43945",
"url": "https://bugzilla.suse.com/1210124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "important"
}
],
"title": "CVE-2022-43945"
},
{
"cve": "CVE-2022-48631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-48631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug in extents parsing when eh_entries == 0 and eh_depth \u003e 0\n\nWhen walking through an inode extents, the ext4_ext_binsearch_idx() function\nassumes that the extent header has been previously validated. However, there\nare no checks that verify that the number of entries (eh-\u003eeh_entries) is\nnon-zero when depth is \u003e 0. And this will lead to problems because the\nEXT_FIRST_INDEX() and EXT_LAST_INDEX() will return garbage and result in this:\n\n[ 135.245946] ------------[ cut here ]------------\n[ 135.247579] kernel BUG at fs/ext4/extents.c:2258!\n[ 135.249045] invalid opcode: 0000 [#1] PREEMPT SMP\n[ 135.250320] CPU: 2 PID: 238 Comm: tmp118 Not tainted 5.19.0-rc8+ #4\n[ 135.252067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014\n[ 135.255065] RIP: 0010:ext4_ext_map_blocks+0xc20/0xcb0\n[ 135.256475] Code:\n[ 135.261433] RSP: 0018:ffffc900005939f8 EFLAGS: 00010246\n[ 135.262847] RAX: 0000000000000024 RBX: ffffc90000593b70 RCX: 0000000000000023\n[ 135.264765] RDX: ffff8880038e5f10 RSI: 0000000000000003 RDI: ffff8880046e922c\n[ 135.266670] RBP: ffff8880046e9348 R08: 0000000000000001 R09: ffff888002ca580c\n[ 135.268576] R10: 0000000000002602 R11: 0000000000000000 R12: 0000000000000024\n[ 135.270477] R13: 0000000000000000 R14: 0000000000000024 R15: 0000000000000000\n[ 135.272394] FS: 00007fdabdc56740(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\n[ 135.274510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 135.276075] CR2: 00007ffc26bd4f00 CR3: 0000000006261004 CR4: 0000000000170ea0\n[ 135.277952] Call Trace:\n[ 135.278635] \u003cTASK\u003e\n[ 135.279247] ? preempt_count_add+0x6d/0xa0\n[ 135.280358] ? percpu_counter_add_batch+0x55/0xb0\n[ 135.281612] ? _raw_read_unlock+0x18/0x30\n[ 135.282704] ext4_map_blocks+0x294/0x5a0\n[ 135.283745] ? xa_load+0x6f/0xa0\n[ 135.284562] ext4_mpage_readpages+0x3d6/0x770\n[ 135.285646] read_pages+0x67/0x1d0\n[ 135.286492] ? folio_add_lru+0x51/0x80\n[ 135.287441] page_cache_ra_unbounded+0x124/0x170\n[ 135.288510] filemap_get_pages+0x23d/0x5a0\n[ 135.289457] ? path_openat+0xa72/0xdd0\n[ 135.290332] filemap_read+0xbf/0x300\n[ 135.291158] ? _raw_spin_lock_irqsave+0x17/0x40\n[ 135.292192] new_sync_read+0x103/0x170\n[ 135.293014] vfs_read+0x15d/0x180\n[ 135.293745] ksys_read+0xa1/0xe0\n[ 135.294461] do_syscall_64+0x3c/0x80\n[ 135.295284] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis patch simply adds an extra check in __ext4_ext_check(), verifying that\neh_entries is not 0 when eh_depth is \u003e 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-48631",
"url": "https://www.suse.com/security/cve/CVE-2022-48631"
},
{
"category": "external",
"summary": "SUSE Bug 1223475 for CVE-2022-48631",
"url": "https://bugzilla.suse.com/1223475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-48631"
},
{
"cve": "CVE-2022-50236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix crash on isr after kexec()\n\nIf the system is rebooted via isr(), the IRQ handler might\nbe triggered before the domain is initialized. Resulting on\nan invalid memory access error.\n\nFix:\n[ 0.500930] Unable to handle kernel read from unreadable memory at virtual address 0000000000000070\n[ 0.501166] Call trace:\n[ 0.501174] report_iommu_fault+0x28/0xfc\n[ 0.501180] mtk_iommu_isr+0x10c/0x1c0\n\n[ joro: Fixed spelling in commit message ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50236",
"url": "https://www.suse.com/security/cve/CVE-2022-50236"
},
{
"category": "external",
"summary": "SUSE Bug 1249702 for CVE-2022-50236",
"url": "https://bugzilla.suse.com/1249702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50236"
},
{
"cve": "CVE-2022-50249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: of: Fix refcount leak bug in of_get_ddr_timings()\n\nWe should add the of_node_put() when breaking out of\nfor_each_child_of_node() as it will automatically increase\nand decrease the refcount.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50249",
"url": "https://www.suse.com/security/cve/CVE-2022-50249"
},
{
"category": "external",
"summary": "SUSE Bug 1249747 for CVE-2022-50249",
"url": "https://bugzilla.suse.com/1249747"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50249"
},
{
"cve": "CVE-2022-50280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50280"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npnode: terminate at peers of source\n\nThe propagate_mnt() function handles mount propagation when creating\nmounts and propagates the source mount tree @source_mnt to all\napplicable nodes of the destination propagation mount tree headed by\n@dest_mnt.\n\nUnfortunately it contains a bug where it fails to terminate at peers of\n@source_mnt when looking up copies of the source mount that become\nmasters for copies of the source mount tree mounted on top of slaves in\nthe destination propagation tree causing a NULL dereference.\n\nOnce the mechanics of the bug are understood it\u0027s easy to trigger.\nBecause of unprivileged user namespaces it is available to unprivileged\nusers.\n\nWhile fixing this bug we\u0027ve gotten confused multiple times due to\nunclear terminology or missing concepts. So let\u0027s start this with some\nclarifications:\n\n* The terms \"master\" or \"peer\" denote a shared mount. A shared mount\n belongs to a peer group.\n\n* A peer group is a set of shared mounts that propagate to each other.\n They are identified by a peer group id. The peer group id is available\n in @shared_mnt-\u003emnt_group_id.\n Shared mounts within the same peer group have the same peer group id.\n The peers in a peer group can be reached via @shared_mnt-\u003emnt_share.\n\n* The terms \"slave mount\" or \"dependent mount\" denote a mount that\n receives propagation from a peer in a peer group. IOW, shared mounts\n may have slave mounts and slave mounts have shared mounts as their\n master. Slave mounts of a given peer in a peer group are listed on\n that peers slave list available at @shared_mnt-\u003emnt_slave_list.\n\n* The term \"master mount\" denotes a mount in a peer group. IOW, it\n denotes a shared mount or a peer mount in a peer group. The term\n \"master mount\" - or \"master\" for short - is mostly used when talking\n in the context of slave mounts that receive propagation from a master\n mount. A master mount of a slave identifies the closest peer group a\n slave mount receives propagation from. The master mount of a slave can\n be identified via @slave_mount-\u003emnt_master. Different slaves may point\n to different masters in the same peer group.\n\n* Multiple peers in a peer group can have non-empty -\u003emnt_slave_lists.\n Non-empty -\u003emnt_slave_lists of peers don\u0027t intersect. Consequently, to\n ensure all slave mounts of a peer group are visited the\n -\u003emnt_slave_lists of all peers in a peer group have to be walked.\n\n* Slave mounts point to a peer in the closest peer group they receive\n propagation from via @slave_mnt-\u003emnt_master (see above). Together with\n these peers they form a propagation group (see below). The closest\n peer group can thus be identified through the peer group id\n @slave_mnt-\u003emnt_master-\u003emnt_group_id of the peer/master that a slave\n mount receives propagation from.\n\n* A shared-slave mount is a slave mount to a peer group pg1 while also\n a peer in another peer group pg2. IOW, a peer group may receive\n propagation from another peer group.\n\n If a peer group pg1 is a slave to another peer group pg2 then all\n peers in peer group pg1 point to the same peer in peer group pg2 via\n -\u003emnt_master. IOW, all peers in peer group pg1 appear on the same\n -\u003emnt_slave_list. IOW, they cannot be slaves to different peer groups.\n\n* A pure slave mount is a slave mount that is a slave to a peer group\n but is not a peer in another peer group.\n\n* A propagation group denotes the set of mounts consisting of a single\n peer group pg1 and all slave mounts and shared-slave mounts that point\n to a peer in that peer group via -\u003emnt_master. IOW, all slave mounts\n such that @slave_mnt-\u003emnt_master-\u003emnt_group_id is equal to\n @shared_mnt-\u003emnt_group_id.\n\n The concept of a propagation group makes it easier to talk about a\n single propagation level in a propagation tree.\n\n For example, in propagate_mnt() the immediate peers of @dest_mnt and\n all slaves of @dest_mnt\u0027s peer group form a propagation group pr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50280",
"url": "https://www.suse.com/security/cve/CVE-2022-50280"
},
{
"category": "external",
"summary": "SUSE Bug 1249806 for CVE-2022-50280",
"url": "https://bugzilla.suse.com/1249806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50280"
},
{
"cve": "CVE-2022-50293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON() on ENOMEM when dropping extent items for a range\n\nIf we get -ENOMEM while dropping file extent items in a given range, at\nbtrfs_drop_extents(), due to failure to allocate memory when attempting to\nincrement the reference count for an extent or drop the reference count,\nwe handle it with a BUG_ON(). This is excessive, instead we can simply\nabort the transaction and return the error to the caller. In fact most\ncallers of btrfs_drop_extents(), directly or indirectly, already abort\nthe transaction if btrfs_drop_extents() returns any error.\n\nAlso, we already have error paths at btrfs_drop_extents() that may return\n-ENOMEM and in those cases we abort the transaction, like for example\nanything that changes the b+tree may return -ENOMEM due to a failure to\nallocate a new extent buffer when COWing an existing extent buffer, such\nas a call to btrfs_duplicate_item() for example.\n\nSo replace the BUG_ON() calls with proper logic to abort the transaction\nand return the error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50293",
"url": "https://www.suse.com/security/cve/CVE-2022-50293"
},
{
"category": "external",
"summary": "SUSE Bug 1249752 for CVE-2022-50293",
"url": "https://bugzilla.suse.com/1249752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50293"
},
{
"cve": "CVE-2022-50327",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50327"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: processor: idle: Check acpi_fetch_acpi_dev() return value\n\nThe return value of acpi_fetch_acpi_dev() could be NULL, which would\ncause a NULL pointer dereference to occur in acpi_device_hid().\n\n[ rjw: Subject and changelog edits, added empty line after if () ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50327",
"url": "https://www.suse.com/security/cve/CVE-2022-50327"
},
{
"category": "external",
"summary": "SUSE Bug 1249859 for CVE-2022-50327",
"url": "https://bugzilla.suse.com/1249859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "important"
}
],
"title": "CVE-2022-50327"
},
{
"cve": "CVE-2022-50350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix a race condition between login_work and the login thread\n\nIn case a malicious initiator sends some random data immediately after a\nlogin PDU; the iscsi_target_sk_data_ready() callback will schedule the\nlogin_work and, at the same time, the negotiation may end without clearing\nthe LOGIN_FLAGS_INITIAL_PDU flag (because no additional PDU exchanges are\nrequired to complete the login).\n\nThe login has been completed but the login_work function will find the\nLOGIN_FLAGS_INITIAL_PDU flag set and will never stop from rescheduling\nitself; at this point, if the initiator drops the connection, the\niscsit_conn structure will be freed, login_work will dereference a released\nsocket structure and the kernel crashes.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000230\nPF: supervisor write access in kernel mode\nPF: error_code(0x0002) - not-present page\nWorkqueue: events iscsi_target_do_login_rx [iscsi_target_mod]\nRIP: 0010:_raw_read_lock_bh+0x15/0x30\nCall trace:\n iscsi_target_do_login_rx+0x75/0x3f0 [iscsi_target_mod]\n process_one_work+0x1e8/0x3c0\n\nFix this bug by forcing login_work to stop after the login has been\ncompleted and the socket callbacks have been restored.\n\nAdd a comment to clearify the return values of iscsi_target_do_login()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50350",
"url": "https://www.suse.com/security/cve/CVE-2022-50350"
},
{
"category": "external",
"summary": "SUSE Bug 1250261 for CVE-2022-50350",
"url": "https://bugzilla.suse.com/1250261"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50350"
},
{
"cve": "CVE-2022-50356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50356"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sfb: fix null pointer access issue when sfb_init() fails\n\nWhen the default qdisc is sfb, if the qdisc of dev_queue fails to be\ninited during mqprio_init(), sfb_reset() is invoked to clear resources.\nIn this case, the q-\u003eqdisc is NULL, and it will cause gpf issue.\n\nThe process is as follows:\nqdisc_create_dflt()\n\tsfb_init()\n\t\ttcf_block_get() ---\u003efailed, q-\u003eqdisc is NULL\n\t...\n\tqdisc_put()\n\t\t...\n\t\tsfb_reset()\n\t\t\tqdisc_reset(q-\u003eqdisc) ---\u003eq-\u003eqdisc is NULL\n\t\t\t\tops = qdisc-\u003eops\n\nThe following is the Call Trace information:\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nRIP: 0010:qdisc_reset+0x2b/0x6f0\nCall Trace:\n\u003cTASK\u003e\nsfb_reset+0x37/0xd0\nqdisc_reset+0xed/0x6f0\nqdisc_destroy+0x82/0x4c0\nqdisc_put+0x9e/0xb0\nqdisc_create_dflt+0x2c3/0x4a0\nmqprio_init+0xa71/0x1760\nqdisc_create+0x3eb/0x1000\ntc_modify_qdisc+0x408/0x1720\nrtnetlink_rcv_msg+0x38e/0xac0\nnetlink_rcv_skb+0x12d/0x3a0\nnetlink_unicast+0x4a2/0x740\nnetlink_sendmsg+0x826/0xcc0\nsock_sendmsg+0xc5/0x100\n____sys_sendmsg+0x583/0x690\n___sys_sendmsg+0xe8/0x160\n__sys_sendmsg+0xbf/0x160\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f2164122d04\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50356",
"url": "https://www.suse.com/security/cve/CVE-2022-50356"
},
{
"category": "external",
"summary": "SUSE Bug 1250040 for CVE-2022-50356",
"url": "https://bugzilla.suse.com/1250040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50356"
},
{
"cve": "CVE-2022-50367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50367"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: fix UAF/GPF bug in nilfs_mdt_destroy\n\nIn alloc_inode, inode_init_always() could return -ENOMEM if\nsecurity_inode_alloc() fails, which causes inode-\u003ei_private\nuninitialized. Then nilfs_is_metadata_file_inode() returns\ntrue and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),\nwhich frees the uninitialized inode-\u003ei_private\nand leads to crashes(e.g., UAF/GPF).\n\nFix this by moving security_inode_alloc just prior to\nthis_cpu_inc(nr_inodes)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50367",
"url": "https://www.suse.com/security/cve/CVE-2022-50367"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2022-50367",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250277 for CVE-2022-50367",
"url": "https://bugzilla.suse.com/1250277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "important"
}
],
"title": "CVE-2022-50367"
},
{
"cve": "CVE-2022-50394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50394"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: ismt: Fix an out-of-bounds bug in ismt_access()\n\nWhen the driver does not check the data from the user, the variable\n\u0027data-\u003eblock[0]\u0027 may be very large to cause an out-of-bounds bug.\n\nThe following log can reveal it:\n\n[ 33.995542] i2c i2c-1: ioctl, cmd=0x720, arg=0x7ffcb3dc3a20\n[ 33.995978] ismt_smbus 0000:00:05.0: I2C_SMBUS_BLOCK_DATA: WRITE\n[ 33.996475] ==================================================================\n[ 33.996995] BUG: KASAN: out-of-bounds in ismt_access.cold+0x374/0x214b\n[ 33.997473] Read of size 18446744073709551615 at addr ffff88810efcfdb1 by task ismt_poc/485\n[ 33.999450] Call Trace:\n[ 34.001849] memcpy+0x20/0x60\n[ 34.002077] ismt_access.cold+0x374/0x214b\n[ 34.003382] __i2c_smbus_xfer+0x44f/0xfb0\n[ 34.004007] i2c_smbus_xfer+0x10a/0x390\n[ 34.004291] i2cdev_ioctl_smbus+0x2c8/0x710\n[ 34.005196] i2cdev_ioctl+0x5ec/0x74c\n\nFix this bug by checking the size of \u0027data-\u003eblock[0]\u0027 first.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50394",
"url": "https://www.suse.com/security/cve/CVE-2022-50394"
},
{
"category": "external",
"summary": "SUSE Bug 1250107 for CVE-2022-50394",
"url": "https://bugzilla.suse.com/1250107"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50394"
},
{
"cve": "CVE-2022-50395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nintegrity: Fix memory leakage in keyring allocation error path\n\nKey restriction is allocated in integrity_init_keyring(). However, if\nkeyring allocation failed, it is not freed, causing memory leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50395",
"url": "https://www.suse.com/security/cve/CVE-2022-50395"
},
{
"category": "external",
"summary": "SUSE Bug 1250211 for CVE-2022-50395",
"url": "https://bugzilla.suse.com/1250211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50395"
},
{
"cve": "CVE-2022-50423",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50423"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()\n\nThere is an use-after-free reported by KASAN:\n\n BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82\n Read of size 1 at addr ffff888112afc460 by task modprobe/2111\n CPU: 0 PID: 2111 Comm: modprobe Not tainted 6.1.0-rc7-dirty\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\n Call Trace:\n \u003cTASK\u003e\n kasan_report+0xae/0xe0\n acpi_ut_remove_reference+0x3b/0x82\n acpi_ut_copy_iobject_to_iobject+0x3be/0x3d5\n acpi_ds_store_object_to_local+0x15d/0x3a0\n acpi_ex_store+0x78d/0x7fd\n acpi_ex_opcode_1A_1T_1R+0xbe4/0xf9b\n acpi_ps_parse_aml+0x217/0x8d5\n ...\n \u003c/TASK\u003e\n\nThe root cause of the problem is that the acpi_operand_object\nis freed when acpi_ut_walk_package_tree() fails in\nacpi_ut_copy_ipackage_to_ipackage(), lead to repeated release in\nacpi_ut_copy_iobject_to_iobject(). The problem was introduced\nby \"8aa5e56eeb61\" commit, this commit is to fix memory leak in\nacpi_ut_copy_iobject_to_iobject(), repeatedly adding remove\noperation, lead to \"acpi_operand_object\" used after free.\n\nFix it by removing acpi_ut_remove_reference() in\nacpi_ut_copy_ipackage_to_ipackage(). acpi_ut_copy_ipackage_to_ipackage()\nis called to copy an internal package object into another internal\npackage object, when it fails, the memory of acpi_operand_object\nshould be freed by the caller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50423",
"url": "https://www.suse.com/security/cve/CVE-2022-50423"
},
{
"category": "external",
"summary": "SUSE Bug 1250784 for CVE-2022-50423",
"url": "https://bugzilla.suse.com/1250784"
},
{
"category": "external",
"summary": "SUSE Bug 1250785 for CVE-2022-50423",
"url": "https://bugzilla.suse.com/1250785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "important"
}
],
"title": "CVE-2022-50423"
},
{
"cve": "CVE-2022-50443",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50443"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/rockchip: lvds: fix PM usage counter unbalance in poweron\n\npm_runtime_get_sync will increment pm usage counter even it failed.\nForgetting to putting operation will result in reference leak here.\nWe fix it by replacing it with the newest pm_runtime_resume_and_get\nto keep usage counter balanced.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50443",
"url": "https://www.suse.com/security/cve/CVE-2022-50443"
},
{
"category": "external",
"summary": "SUSE Bug 1250768 for CVE-2022-50443",
"url": "https://bugzilla.suse.com/1250768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50443"
},
{
"cve": "CVE-2022-50459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50459"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()\n\nFix a NULL pointer crash that occurs when we are freeing the socket at the\nsame time we access it via sysfs.\n\nThe problem is that:\n\n 1. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() take\n the frwd_lock and do sock_hold() then drop the frwd_lock. sock_hold()\n does a get on the \"struct sock\".\n\n 2. iscsi_sw_tcp_release_conn() does sockfd_put() which does the last put\n on the \"struct socket\" and that does __sock_release() which sets the\n sock-\u003eops to NULL.\n\n 3. iscsi_sw_tcp_conn_get_param() and iscsi_sw_tcp_host_get_param() then\n call kernel_getpeername() which accesses the NULL sock-\u003eops.\n\nAbove we do a get on the \"struct sock\", but we needed a get on the \"struct\nsocket\". Originally, we just held the frwd_lock the entire time but in\ncommit bcf3a2953d36 (\"scsi: iscsi: iscsi_tcp: Avoid holding spinlock while\ncalling getpeername()\") we switched to refcount based because the network\nlayer changed and started taking a mutex in that path, so we could no\nlonger hold the frwd_lock.\n\nInstead of trying to maintain multiple refcounts, this just has us use a\nmutex for accessing the socket in the interface code paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50459",
"url": "https://www.suse.com/security/cve/CVE-2022-50459"
},
{
"category": "external",
"summary": "SUSE Bug 1250850 for CVE-2022-50459",
"url": "https://bugzilla.suse.com/1250850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50459"
},
{
"cve": "CVE-2022-50470",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50470"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Remove device endpoints from bandwidth list when freeing the device\n\nEndpoints are normally deleted from the bandwidth list when they are\ndropped, before the virt device is freed.\n\nIf xHC host is dying or being removed then the endpoints aren\u0027t dropped\ncleanly due to functions returning early to avoid interacting with a\nnon-accessible host controller.\n\nSo check and delete endpoints that are still on the bandwidth list when\nfreeing the virt device.\n\nSolves a list_del corruption kernel crash when unbinding xhci-pci,\ncaused by xhci_mem_cleanup() when it later tried to delete already freed\nendpoints from the bandwidth list.\n\nThis only affects hosts that use software bandwidth checking, which\ncurrenty is only the xHC in intel Panther Point PCH (Ivy Bridge)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50470",
"url": "https://www.suse.com/security/cve/CVE-2022-50470"
},
{
"category": "external",
"summary": "SUSE Bug 1251202 for CVE-2022-50470",
"url": "https://bugzilla.suse.com/1251202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50470"
},
{
"cve": "CVE-2022-50481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50481"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()\n\nIf device_register() fails in cxl_register_afu|adapter(), the device\nis not added, device_unregister() can not be called in the error path,\notherwise it will cause a null-ptr-deref because of removing not added\ndevice.\n\nAs comment of device_register() says, it should use put_device() to give\nup the reference in the error path. So split device_unregister() into\ndevice_del() and put_device(), then goes to put dev when register fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50481",
"url": "https://www.suse.com/security/cve/CVE-2022-50481"
},
{
"category": "external",
"summary": "SUSE Bug 1251051 for CVE-2022-50481",
"url": "https://bugzilla.suse.com/1251051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50481"
},
{
"cve": "CVE-2022-50485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: add EXT4_IGET_BAD flag to prevent unexpected bad inode\n\nThere are many places that will get unhappy (and crash) when ext4_iget()\nreturns a bad inode. However, if iget the boot loader inode, allows a bad\ninode to be returned, because the inode may not be initialized. This\nmechanism can be used to bypass some checks and cause panic. To solve this\nproblem, we add a special iget flag EXT4_IGET_BAD. Only with this flag\nwe\u0027d be returning bad inode from ext4_iget(), otherwise we always return\nthe error code if the inode is bad inode.(suggested by Jan Kara)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50485",
"url": "https://www.suse.com/security/cve/CVE-2022-50485"
},
{
"category": "external",
"summary": "SUSE Bug 1251197 for CVE-2022-50485",
"url": "https://bugzilla.suse.com/1251197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50485"
},
{
"cve": "CVE-2022-50487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50487"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50487",
"url": "https://www.suse.com/security/cve/CVE-2022-50487"
},
{
"category": "external",
"summary": "SUSE Bug 1251208 for CVE-2022-50487",
"url": "https://bugzilla.suse.com/1251208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "important"
}
],
"title": "CVE-2022-50487"
},
{
"cve": "CVE-2022-50493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50493"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix crash when I/O abort times out\n\nWhile performing CPU hotplug, a crash with the following stack was seen:\n\nCall Trace:\n qla24xx_process_response_queue+0x42a/0x970 [qla2xxx]\n qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx]\n qla_nvme_post_cmd+0x166/0x240 [qla2xxx]\n nvme_fc_start_fcp_op.part.0+0x119/0x2e0 [nvme_fc]\n blk_mq_dispatch_rq_list+0x17b/0x610\n __blk_mq_sched_dispatch_requests+0xb0/0x140\n blk_mq_sched_dispatch_requests+0x30/0x60\n __blk_mq_run_hw_queue+0x35/0x90\n __blk_mq_delay_run_hw_queue+0x161/0x180\n blk_execute_rq+0xbe/0x160\n __nvme_submit_sync_cmd+0x16f/0x220 [nvme_core]\n nvmf_connect_admin_queue+0x11a/0x170 [nvme_fabrics]\n nvme_fc_create_association.cold+0x50/0x3dc [nvme_fc]\n nvme_fc_connect_ctrl_work+0x19/0x30 [nvme_fc]\n process_one_work+0x1e8/0x3c0\n\nOn abort timeout, completion was called without checking if the I/O was\nalready completed.\n\nVerify that I/O and abort request are indeed outstanding before attempting\ncompletion.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50493",
"url": "https://www.suse.com/security/cve/CVE-2022-50493"
},
{
"category": "external",
"summary": "SUSE Bug 1251088 for CVE-2022-50493",
"url": "https://bugzilla.suse.com/1251088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50493"
},
{
"cve": "CVE-2022-50496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: Fix UAF in destroy()\n\nDm_cache also has the same UAF problem when dm_resume()\nand dm_destroy() are concurrent.\n\nTherefore, cancelling timer again in destroy().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50496",
"url": "https://www.suse.com/security/cve/CVE-2022-50496"
},
{
"category": "external",
"summary": "SUSE Bug 1251091 for CVE-2022-50496",
"url": "https://bugzilla.suse.com/1251091"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50496"
},
{
"cve": "CVE-2022-50501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50501"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: coda: Add check for dcoda_iram_alloc\n\nAs the coda_iram_alloc may return NULL pointer,\nit should be better to check the return value\nin order to avoid NULL poineter dereference,\nsame as the others.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50501",
"url": "https://www.suse.com/security/cve/CVE-2022-50501"
},
{
"category": "external",
"summary": "SUSE Bug 1251099 for CVE-2022-50501",
"url": "https://bugzilla.suse.com/1251099"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50501"
},
{
"cve": "CVE-2022-50504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas: avoid scheduling in rtas_os_term()\n\nIt\u0027s unsafe to use rtas_busy_delay() to handle a busy status from\nthe ibm,os-term RTAS function in rtas_os_term():\n\nKernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\nBUG: sleeping function called from invalid context at arch/powerpc/kernel/rtas.c:618\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1, name: swapper/0\npreempt_count: 2, expected: 0\nCPU: 7 PID: 1 Comm: swapper/0 Tainted: G D 6.0.0-rc5-02182-gf8553a572277-dirty #9\nCall Trace:\n[c000000007b8f000] [c000000001337110] dump_stack_lvl+0xb4/0x110 (unreliable)\n[c000000007b8f040] [c0000000002440e4] __might_resched+0x394/0x3c0\n[c000000007b8f0e0] [c00000000004f680] rtas_busy_delay+0x120/0x1b0\n[c000000007b8f100] [c000000000052d04] rtas_os_term+0xb8/0xf4\n[c000000007b8f180] [c0000000001150fc] pseries_panic+0x50/0x68\n[c000000007b8f1f0] [c000000000036354] ppc_panic_platform_handler+0x34/0x50\n[c000000007b8f210] [c0000000002303c4] notifier_call_chain+0xd4/0x1c0\n[c000000007b8f2b0] [c0000000002306cc] atomic_notifier_call_chain+0xac/0x1c0\n[c000000007b8f2f0] [c0000000001d62b8] panic+0x228/0x4d0\n[c000000007b8f390] [c0000000001e573c] do_exit+0x140c/0x1420\n[c000000007b8f480] [c0000000001e586c] make_task_dead+0xdc/0x200\n\nUse rtas_busy_delay_time() instead, which signals without side effects\nwhether to attempt the ibm,os-term RTAS call again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50504",
"url": "https://www.suse.com/security/cve/CVE-2022-50504"
},
{
"category": "external",
"summary": "SUSE Bug 1251182 for CVE-2022-50504",
"url": "https://bugzilla.suse.com/1251182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50504"
},
{
"cve": "CVE-2022-50505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50505"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix pci device refcount leak in ppr_notifier()\n\nAs comment of pci_get_domain_bus_and_slot() says, it returns\na pci device with refcount increment, when finish using it,\nthe caller must decrement the reference count by calling\npci_dev_put(). So call it before returning from ppr_notifier()\nto avoid refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50505",
"url": "https://www.suse.com/security/cve/CVE-2022-50505"
},
{
"category": "external",
"summary": "SUSE Bug 1251086 for CVE-2022-50505",
"url": "https://bugzilla.suse.com/1251086"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50505"
},
{
"cve": "CVE-2022-50509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50509"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: coda: Add check for kmalloc\n\nAs the kmalloc may return NULL pointer,\nit should be better to check the return value\nin order to avoid NULL poineter dereference,\nsame as the others.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50509",
"url": "https://www.suse.com/security/cve/CVE-2022-50509"
},
{
"category": "external",
"summary": "SUSE Bug 1251522 for CVE-2022-50509",
"url": "https://bugzilla.suse.com/1251522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50509"
},
{
"cve": "CVE-2022-50516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50516"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: dlm: fix invalid derefence of sb_lvbptr\n\nI experience issues when putting a lkbsb on the stack and have sb_lvbptr\nfield to a dangled pointer while not using DLM_LKF_VALBLK. It will crash\nwith the following kernel message, the dangled pointer is here\n0xdeadbeef as example:\n\n[ 102.749317] BUG: unable to handle page fault for address: 00000000deadbeef\n[ 102.749320] #PF: supervisor read access in kernel mode\n[ 102.749323] #PF: error_code(0x0000) - not-present page\n[ 102.749325] PGD 0 P4D 0\n[ 102.749332] Oops: 0000 [#1] PREEMPT SMP PTI\n[ 102.749336] CPU: 0 PID: 1567 Comm: lock_torture_wr Tainted: G W 5.19.0-rc3+ #1565\n[ 102.749343] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-2.module+el8.7.0+15506+033991b0 04/01/2014\n[ 102.749344] RIP: 0010:memcpy_erms+0x6/0x10\n[ 102.749353] Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 \u003cf3\u003e a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe\n[ 102.749355] RSP: 0018:ffff97a58145fd08 EFLAGS: 00010202\n[ 102.749358] RAX: ffff901778b77070 RBX: 0000000000000000 RCX: 0000000000000040\n[ 102.749360] RDX: 0000000000000040 RSI: 00000000deadbeef RDI: ffff901778b77070\n[ 102.749362] RBP: ffff97a58145fd10 R08: ffff901760b67a70 R09: 0000000000000001\n[ 102.749364] R10: ffff9017008e2cb8 R11: 0000000000000001 R12: ffff901760b67a70\n[ 102.749366] R13: ffff901760b78f00 R14: 0000000000000003 R15: 0000000000000001\n[ 102.749368] FS: 0000000000000000(0000) GS:ffff901876e00000(0000) knlGS:0000000000000000\n[ 102.749372] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 102.749374] CR2: 00000000deadbeef CR3: 000000017c49a004 CR4: 0000000000770ef0\n[ 102.749376] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 102.749378] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 102.749379] PKRU: 55555554\n[ 102.749381] Call Trace:\n[ 102.749382] \u003cTASK\u003e\n[ 102.749383] ? send_args+0xb2/0xd0\n[ 102.749389] send_common+0xb7/0xd0\n[ 102.749395] _unlock_lock+0x2c/0x90\n[ 102.749400] unlock_lock.isra.56+0x62/0xa0\n[ 102.749405] dlm_unlock+0x21e/0x330\n[ 102.749411] ? lock_torture_stats+0x80/0x80 [dlm_locktorture]\n[ 102.749416] torture_unlock+0x5a/0x90 [dlm_locktorture]\n[ 102.749419] ? preempt_count_sub+0xba/0x100\n[ 102.749427] lock_torture_writer+0xbd/0x150 [dlm_locktorture]\n[ 102.786186] kthread+0x10a/0x130\n[ 102.786581] ? kthread_complete_and_exit+0x20/0x20\n[ 102.787156] ret_from_fork+0x22/0x30\n[ 102.787588] \u003c/TASK\u003e\n[ 102.787855] Modules linked in: dlm_locktorture torture rpcsec_gss_krb5 intel_rapl_msr intel_rapl_common kvm_intel iTCO_wdt iTCO_vendor_support kvm vmw_vsock_virtio_transport qxl irqbypass vmw_vsock_virtio_transport_common drm_ttm_helper crc32_pclmul joydev crc32c_intel ttm vsock virtio_scsi virtio_balloon snd_pcm drm_kms_helper virtio_console snd_timer snd drm soundcore syscopyarea i2c_i801 sysfillrect sysimgblt i2c_smbus pcspkr fb_sys_fops lpc_ich serio_raw\n[ 102.792536] CR2: 00000000deadbeef\n[ 102.792930] ---[ end trace 0000000000000000 ]---\n\nThis patch fixes the issue by checking also on DLM_LKF_VALBLK on exflags\nis set when copying the lvbptr array instead of if it\u0027s just null which\nfixes for me the issue.\n\nI think this patch can fix other dlm users as well, depending how they\nhandle the init, freeing memory handling of sb_lvbptr and don\u0027t set\nDLM_LKF_VALBLK for some dlm_lock() calls. It might a there could be a\nhidden issue all the time. However with checking on DLM_LKF_VALBLK the\nuser always need to provide a sb_lvbptr non-null value. There might be\nmore intelligent handling between per ls lvblen, DLM_LKF_VALBLK and\nnon-null to report the user the way how DLM API is used is wrong but can\nbe added for later, this will only fix the current behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50516",
"url": "https://www.suse.com/security/cve/CVE-2022-50516"
},
{
"category": "external",
"summary": "SUSE Bug 1251741 for CVE-2022-50516",
"url": "https://bugzilla.suse.com/1251741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50516"
},
{
"cve": "CVE-2022-50532",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50532"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add()\n\nIn mpt3sas_transport_port_add(), if sas_rphy_add() returns error,\nsas_rphy_free() needs be called to free the resource allocated in\nsas_end_device_alloc(). Otherwise a kernel crash will happen:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000108\nCPU: 45 PID: 37020 Comm: bash Kdump: loaded Tainted: G W 6.1.0-rc1+ #189\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : device_del+0x54/0x3d0\nlr : device_del+0x37c/0x3d0\nCall trace:\n device_del+0x54/0x3d0\n attribute_container_class_device_del+0x28/0x38\n transport_remove_classdev+0x6c/0x80\n attribute_container_device_trigger+0x108/0x110\n transport_remove_device+0x28/0x38\n sas_rphy_remove+0x50/0x78 [scsi_transport_sas]\n sas_port_delete+0x30/0x148 [scsi_transport_sas]\n do_sas_phy_delete+0x78/0x80 [scsi_transport_sas]\n device_for_each_child+0x68/0xb0\n sas_remove_children+0x30/0x50 [scsi_transport_sas]\n sas_rphy_remove+0x38/0x78 [scsi_transport_sas]\n sas_port_delete+0x30/0x148 [scsi_transport_sas]\n do_sas_phy_delete+0x78/0x80 [scsi_transport_sas]\n device_for_each_child+0x68/0xb0\n sas_remove_children+0x30/0x50 [scsi_transport_sas]\n sas_remove_host+0x20/0x38 [scsi_transport_sas]\n scsih_remove+0xd8/0x420 [mpt3sas]\n\nBecause transport_add_device() is not called when sas_rphy_add() fails, the\ndevice is not added. When sas_rphy_remove() is subsequently called to\nremove the device in the remove() path, a NULL pointer dereference happens.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50532",
"url": "https://www.suse.com/security/cve/CVE-2022-50532"
},
{
"category": "external",
"summary": "SUSE Bug 1251300 for CVE-2022-50532",
"url": "https://bugzilla.suse.com/1251300"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50532"
},
{
"cve": "CVE-2022-50534",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50534"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm thin: Use last transaction\u0027s pmd-\u003eroot when commit failed\n\nRecently we found a softlock up problem in dm thin pool btree lookup\ncode due to corrupted metadata:\n\n Kernel panic - not syncing: softlockup: hung tasks\n CPU: 7 PID: 2669225 Comm: kworker/u16:3\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: dm-thin do_worker [dm_thin_pool]\n Call Trace:\n \u003cIRQ\u003e\n dump_stack+0x9c/0xd3\n panic+0x35d/0x6b9\n watchdog_timer_fn.cold+0x16/0x25\n __run_hrtimer+0xa2/0x2d0\n \u003c/IRQ\u003e\n RIP: 0010:__relink_lru+0x102/0x220 [dm_bufio]\n __bufio_new+0x11f/0x4f0 [dm_bufio]\n new_read+0xa3/0x1e0 [dm_bufio]\n dm_bm_read_lock+0x33/0xd0 [dm_persistent_data]\n ro_step+0x63/0x100 [dm_persistent_data]\n btree_lookup_raw.constprop.0+0x44/0x220 [dm_persistent_data]\n dm_btree_lookup+0x16f/0x210 [dm_persistent_data]\n dm_thin_find_block+0x12c/0x210 [dm_thin_pool]\n __process_bio_read_only+0xc5/0x400 [dm_thin_pool]\n process_thin_deferred_bios+0x1a4/0x4a0 [dm_thin_pool]\n process_one_work+0x3c5/0x730\n\nFollowing process may generate a broken btree mixed with fresh and\nstale btree nodes, which could get dm thin trapped in an infinite loop\nwhile looking up data block:\n Transaction 1: pmd-\u003eroot = A, A-\u003eB-\u003eC // One path in btree\n pmd-\u003eroot = X, X-\u003eY-\u003eZ // Copy-up\n Transaction 2: X,Z is updated on disk, Y write failed.\n // Commit failed, dm thin becomes read-only.\n process_bio_read_only\n\t\t dm_thin_find_block\n\t\t __find_block\n\t\t dm_btree_lookup(pmd-\u003eroot)\nThe pmd-\u003eroot points to a broken btree, Y may contain stale node\npointing to any block, for example X, which gets dm thin trapped into\na dead loop while looking up Z.\n\nFix this by setting pmd-\u003eroot in __open_metadata(), so that dm thin\nwill use the last transaction\u0027s pmd-\u003eroot if commit failed.\n\nFetch a reproducer in [Link].\n\nLinke: https://bugzilla.kernel.org/show_bug.cgi?id=216790",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50534",
"url": "https://www.suse.com/security/cve/CVE-2022-50534"
},
{
"category": "external",
"summary": "SUSE Bug 1251292 for CVE-2022-50534",
"url": "https://bugzilla.suse.com/1251292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50534"
},
{
"cve": "CVE-2022-50536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50536"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix repeated calls to sock_put() when msg has more_data\n\nIn tcp_bpf_send_verdict() redirection, the eval variable is assigned to\n__SK_REDIRECT after the apply_bytes data is sent, if msg has more_data,\nsock_put() will be called multiple times.\n\nWe should reset the eval variable to __SK_NONE every time more_data\nstarts.\n\nThis causes:\n\nIPv4: Attempt to release TCP socket in state 1 00000000b4c925d7\n------------[ cut here ]------------\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 5 PID: 4482 at lib/refcount.c:25 refcount_warn_saturate+0x7d/0x110\nModules linked in:\nCPU: 5 PID: 4482 Comm: sockhash_bypass Kdump: loaded Not tainted 6.0.0 #1\nHardware name: Red Hat KVM, BIOS 1.11.0-2.el7 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __tcp_transmit_skb+0xa1b/0xb90\n ? __alloc_skb+0x8c/0x1a0\n ? __kmalloc_node_track_caller+0x184/0x320\n tcp_write_xmit+0x22a/0x1110\n __tcp_push_pending_frames+0x32/0xf0\n do_tcp_sendpages+0x62d/0x640\n tcp_bpf_push+0xae/0x2c0\n tcp_bpf_sendmsg_redir+0x260/0x410\n ? preempt_count_add+0x70/0xa0\n tcp_bpf_send_verdict+0x386/0x4b0\n tcp_bpf_sendmsg+0x21b/0x3b0\n sock_sendmsg+0x58/0x70\n __sys_sendto+0xfa/0x170\n ? xfd_validate_state+0x1d/0x80\n ? switch_fpu_return+0x59/0xe0\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0x37/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50536",
"url": "https://www.suse.com/security/cve/CVE-2022-50536"
},
{
"category": "external",
"summary": "SUSE Bug 1251293 for CVE-2022-50536",
"url": "https://bugzilla.suse.com/1251293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50536"
},
{
"cve": "CVE-2022-50537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50537"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: raspberrypi: fix possible memory leak in rpi_firmware_probe()\n\nIn rpi_firmware_probe(), if mbox_request_channel() fails, the \u0027fw\u0027 will\nnot be freed through rpi_firmware_delete(), fix this leak by calling\nkfree() in the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50537",
"url": "https://www.suse.com/security/cve/CVE-2022-50537"
},
{
"category": "external",
"summary": "SUSE Bug 1251294 for CVE-2022-50537",
"url": "https://bugzilla.suse.com/1251294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50537"
},
{
"cve": "CVE-2022-50542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50542"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: si470x: Fix use-after-free in si470x_int_in_callback()\n\nsyzbot reported use-after-free in si470x_int_in_callback() [1]. This\nindicates that urb-\u003econtext, which contains struct si470x_device\nobject, is freed when si470x_int_in_callback() is called.\n\nThe cause of this issue is that si470x_int_in_callback() is called for\nfreed urb.\n\nsi470x_usb_driver_probe() calls si470x_start_usb(), which then calls\nusb_submit_urb() and si470x_start(). If si470x_start_usb() fails,\nsi470x_usb_driver_probe() doesn\u0027t kill urb, but it just frees struct\nsi470x_device object, as depicted below:\n\nsi470x_usb_driver_probe()\n ...\n si470x_start_usb()\n ...\n usb_submit_urb()\n retval = si470x_start()\n return retval\n if (retval \u003c 0)\n free struct si470x_device object, but don\u0027t kill urb\n\nThis patch fixes this issue by killing urb when si470x_start_usb()\nfails and urb is submitted. If si470x_start_usb() fails and urb is\nnot submitted, i.e. submitting usb fails, it just frees struct\nsi470x_device object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50542",
"url": "https://www.suse.com/security/cve/CVE-2022-50542"
},
{
"category": "external",
"summary": "SUSE Bug 1251330 for CVE-2022-50542",
"url": "https://bugzilla.suse.com/1251330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50542"
},
{
"cve": "CVE-2022-50544",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50544"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()\n\nxhci_alloc_stream_info() allocates stream context array for stream_info\n-\u003estream_ctx_array with xhci_alloc_stream_ctx(). When some error occurs,\nstream_info-\u003estream_ctx_array is not released, which will lead to a\nmemory leak.\n\nWe can fix it by releasing the stream_info-\u003estream_ctx_array with\nxhci_free_stream_ctx() on the error path to avoid the potential memory\nleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50544",
"url": "https://www.suse.com/security/cve/CVE-2022-50544"
},
{
"category": "external",
"summary": "SUSE Bug 1251725 for CVE-2022-50544",
"url": "https://bugzilla.suse.com/1251725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50544"
},
{
"cve": "CVE-2022-50549",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50549"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata\n\nFollowing concurrent processes:\n\n P1(drop cache) P2(kworker)\ndrop_caches_sysctl_handler\n drop_slab\n shrink_slab\n down_read(\u0026shrinker_rwsem) - LOCK A\n do_shrink_slab\n super_cache_scan\n prune_icache_sb\n dispose_list\n evict\n ext4_evict_inode\n\t ext4_clear_inode\n\t ext4_discard_preallocations\n\t ext4_mb_load_buddy_gfp\n\t ext4_mb_init_cache\n\t ext4_read_block_bitmap_nowait\n\t ext4_read_bh_nowait\n\t submit_bh\n\t dm_submit_bio\n\t\t do_worker\n\t\t\t\t process_deferred_bios\n\t\t\t\t commit\n\t\t\t\t metadata_operation_failed\n\t\t\t\t dm_pool_abort_metadata\n\t\t\t\t down_write(\u0026pmd-\u003eroot_lock) - LOCK B\n\t\t __destroy_persistent_data_objects\n\t\t\t\t dm_block_manager_destroy\n\t\t\t\t dm_bufio_client_destroy\n\t\t\t\t unregister_shrinker\n\t\t\t\t\t down_write(\u0026shrinker_rwsem)\n\t\t thin_map |\n\t\t dm_thin_find_block v\n\t\t down_read(\u0026pmd-\u003eroot_lock) --\u003e ABBA deadlock\n\n, which triggers hung task:\n\n[ 76.974820] INFO: task kworker/u4:3:63 blocked for more than 15 seconds.\n[ 76.976019] Not tainted 6.1.0-rc4-00011-g8f17dd350364-dirty #910\n[ 76.978521] task:kworker/u4:3 state:D stack:0 pid:63 ppid:2\n[ 76.978534] Workqueue: dm-thin do_worker\n[ 76.978552] Call Trace:\n[ 76.978564] __schedule+0x6ba/0x10f0\n[ 76.978582] schedule+0x9d/0x1e0\n[ 76.978588] rwsem_down_write_slowpath+0x587/0xdf0\n[ 76.978600] down_write+0xec/0x110\n[ 76.978607] unregister_shrinker+0x2c/0xf0\n[ 76.978616] dm_bufio_client_destroy+0x116/0x3d0\n[ 76.978625] dm_block_manager_destroy+0x19/0x40\n[ 76.978629] __destroy_persistent_data_objects+0x5e/0x70\n[ 76.978636] dm_pool_abort_metadata+0x8e/0x100\n[ 76.978643] metadata_operation_failed+0x86/0x110\n[ 76.978649] commit+0x6a/0x230\n[ 76.978655] do_worker+0xc6e/0xd90\n[ 76.978702] process_one_work+0x269/0x630\n[ 76.978714] worker_thread+0x266/0x630\n[ 76.978730] kthread+0x151/0x1b0\n[ 76.978772] INFO: task test.sh:2646 blocked for more than 15 seconds.\n[ 76.979756] Not tainted 6.1.0-rc4-00011-g8f17dd350364-dirty #910\n[ 76.982111] task:test.sh state:D stack:0 pid:2646 ppid:2459\n[ 76.982128] Call Trace:\n[ 76.982139] __schedule+0x6ba/0x10f0\n[ 76.982155] schedule+0x9d/0x1e0\n[ 76.982159] rwsem_down_read_slowpath+0x4f4/0x910\n[ 76.982173] down_read+0x84/0x170\n[ 76.982177] dm_thin_find_block+0x4c/0xd0\n[ 76.982183] thin_map+0x201/0x3d0\n[ 76.982188] __map_bio+0x5b/0x350\n[ 76.982195] dm_submit_bio+0x2b6/0x930\n[ 76.982202] __submit_bio+0x123/0x2d0\n[ 76.982209] submit_bio_noacct_nocheck+0x101/0x3e0\n[ 76.982222] submit_bio_noacct+0x389/0x770\n[ 76.982227] submit_bio+0x50/0xc0\n[ 76.982232] submit_bh_wbc+0x15e/0x230\n[ 76.982238] submit_bh+0x14/0x20\n[ 76.982241] ext4_read_bh_nowait+0xc5/0x130\n[ 76.982247] ext4_read_block_bitmap_nowait+0x340/0xc60\n[ 76.982254] ext4_mb_init_cache+0x1ce/0xdc0\n[ 76.982259] ext4_mb_load_buddy_gfp+0x987/0xfa0\n[ 76.982263] ext4_discard_preallocations+0x45d/0x830\n[ 76.982274] ext4_clear_inode+0x48/0xf0\n[ 76.982280] ext4_evict_inode+0xcf/0xc70\n[ 76.982285] evict+0x119/0x2b0\n[ 76.982290] dispose_list+0x43/0xa0\n[ 76.982294] prune_icache_sb+0x64/0x90\n[ 76.982298] super_cache_scan+0x155/0x210\n[ 76.982303] do_shrink_slab+0x19e/0x4e0\n[ 76.982310] shrink_slab+0x2bd/0x450\n[ 76.982317] drop_slab+0xcc/0x1a0\n[ 76.982323] drop_caches_sysctl_handler+0xb7/0xe0\n[ 76.982327] proc_sys_call_handler+0x1bc/0x300\n[ 76.982331] proc_sys_write+0x17/0x20\n[ 76.982334] vfs_write+0x3d3/0x570\n[ 76.982342] ksys_write+0x73/0x160\n[ 76.982347] __x64_sys_write+0x1e/0x30\n[ 76.982352] do_syscall_64+0x35/0x80\n[ 76.982357] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFunct\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50549",
"url": "https://www.suse.com/security/cve/CVE-2022-50549"
},
{
"category": "external",
"summary": "SUSE Bug 1251550 for CVE-2022-50549",
"url": "https://bugzilla.suse.com/1251550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50549"
},
{
"cve": "CVE-2022-50563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm thin: Fix UAF in run_timer_softirq()\n\nWhen dm_resume() and dm_destroy() are concurrent, it will\nlead to UAF, as follows:\n\n BUG: KASAN: use-after-free in __run_timers+0x173/0x710\n Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0\n\u003csnip\u003e\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x73/0x9f\n print_report.cold+0x132/0xaa2\n _raw_spin_lock_irqsave+0xcd/0x160\n __run_timers+0x173/0x710\n kasan_report+0xad/0x110\n __run_timers+0x173/0x710\n __asan_store8+0x9c/0x140\n __run_timers+0x173/0x710\n call_timer_fn+0x310/0x310\n pvclock_clocksource_read+0xfa/0x250\n kvm_clock_read+0x2c/0x70\n kvm_clock_get_cycles+0xd/0x20\n ktime_get+0x5c/0x110\n lapic_next_event+0x38/0x50\n clockevents_program_event+0xf1/0x1e0\n run_timer_softirq+0x49/0x90\n __do_softirq+0x16e/0x62c\n __irq_exit_rcu+0x1fa/0x270\n irq_exit_rcu+0x12/0x20\n sysvec_apic_timer_interrupt+0x8e/0xc0\n\nOne of the concurrency UAF can be shown as below:\n\n use free\ndo_resume |\n __find_device_hash_cell |\n dm_get |\n atomic_inc(\u0026md-\u003eholders) |\n | dm_destroy\n | __dm_destroy\n | if (!dm_suspended_md(md))\n | atomic_read(\u0026md-\u003eholders)\n | msleep(1)\n dm_resume |\n __dm_resume |\n dm_table_resume_targets |\n pool_resume |\n do_waker #add delay work |\n dm_put |\n atomic_dec(\u0026md-\u003eholders) |\n | dm_table_destroy\n | pool_dtr\n | __pool_dec\n | __pool_destroy\n | destroy_workqueue\n | kfree(pool) # free pool\n time out\n__do_softirq\n run_timer_softirq # pool has already been freed\n\nThis can be easily reproduced using:\n 1. create thin-pool\n 2. dmsetup suspend pool\n 3. dmsetup resume pool\n 4. dmsetup remove_all # Concurrent with 3\n\nThe root cause of this UAF bug is that dm_resume() adds timer after\ndm_destroy() skips cancelling the timer because of suspend status.\nAfter timeout, it will call run_timer_softirq(), however pool has\nalready been freed. The concurrency UAF bug will happen.\n\nTherefore, cancelling timer again in __pool_destroy().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50563",
"url": "https://www.suse.com/security/cve/CVE-2022-50563"
},
{
"category": "external",
"summary": "SUSE Bug 1252480 for CVE-2022-50563",
"url": "https://bugzilla.suse.com/1252480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50563"
},
{
"cve": "CVE-2022-50564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50564"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/netiucv: Fix return type of netiucv_tx()\n\nWith clang\u0027s kernel control flow integrity (kCFI, CONFIG_CFI_CLANG),\nindirect call targets are validated against the expected function\npointer prototype to make sure the call target is valid to help mitigate\nROP attacks. If they are not identical, there is a failure at run time,\nwhich manifests as either a kernel panic or thread getting killed. A\nproposed warning in clang aims to catch these at compile time, which\nreveals:\n\n drivers/s390/net/netiucv.c:1854:21: error: incompatible function pointer types initializing \u0027netdev_tx_t (*)(struct sk_buff *, struct net_device *)\u0027 (aka \u0027enum netdev_tx (*)(struct sk_buff *, struct net_device *)\u0027) with an expression of type \u0027int (struct sk_buff *, struct net_device *)\u0027 [-Werror,-Wincompatible-function-pointer-types-strict]\n .ndo_start_xmit = netiucv_tx,\n ^~~~~~~~~~\n\n-\u003endo_start_xmit() in \u0027struct net_device_ops\u0027 expects a return type of\n\u0027netdev_tx_t\u0027, not \u0027int\u0027. Adjust the return type of netiucv_tx() to\nmatch the prototype\u0027s to resolve the warning and potential CFI failure,\nshould s390 select ARCH_SUPPORTS_CFI_CLANG in the future.\n\nAdditionally, while in the area, remove a comment block that is no\nlonger relevant.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50564",
"url": "https://www.suse.com/security/cve/CVE-2022-50564"
},
{
"category": "external",
"summary": "SUSE Bug 1252538 for CVE-2022-50564",
"url": "https://bugzilla.suse.com/1252538"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50564"
},
{
"cve": "CVE-2022-50571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50571"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: call __btrfs_remove_free_space_cache_locked on cache load failure\n\nNow that lockdep is staying enabled through our entire CI runs I started\nseeing the following stack in generic/475\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 2171864 at fs/btrfs/discard.c:604 btrfs_discard_update_discardable+0x98/0xb0\nCPU: 1 PID: 2171864 Comm: kworker/u4:0 Not tainted 5.19.0-rc8+ #789\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014\nWorkqueue: btrfs-cache btrfs_work_helper\nRIP: 0010:btrfs_discard_update_discardable+0x98/0xb0\nRSP: 0018:ffffb857c2f7bad0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff8c85c605c200 RCX: 0000000000000001\nRDX: 0000000000000000 RSI: ffffffff86807c5b RDI: ffffffff868a831e\nRBP: ffff8c85c4c54000 R08: 0000000000000000 R09: 0000000000000000\nR10: ffff8c85c66932f0 R11: 0000000000000001 R12: ffff8c85c3899010\nR13: ffff8c85d5be4f40 R14: ffff8c85c4c54000 R15: ffff8c86114bfa80\nFS: 0000000000000000(0000) GS:ffff8c863bd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f2e7f168160 CR3: 000000010289a004 CR4: 0000000000370ee0\nCall Trace:\n\n __btrfs_remove_free_space_cache+0x27/0x30\n load_free_space_cache+0xad2/0xaf0\n caching_thread+0x40b/0x650\n ? lock_release+0x137/0x2d0\n btrfs_work_helper+0xf2/0x3e0\n ? lock_is_held_type+0xe2/0x140\n process_one_work+0x271/0x590\n ? process_one_work+0x590/0x590\n worker_thread+0x52/0x3b0\n ? process_one_work+0x590/0x590\n kthread+0xf0/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x1f/0x30\n\nThis is the code\n\n ctl = block_group-\u003efree_space_ctl;\n discard_ctl = \u0026block_group-\u003efs_info-\u003ediscard_ctl;\n\n lockdep_assert_held(\u0026ctl-\u003etree_lock);\n\nWe have a temporary free space ctl for loading the free space cache in\norder to avoid having allocations happening while we\u0027re loading the\ncache. When we hit an error we free it all up, however this also calls\nbtrfs_discard_update_discardable, which requires\nblock_group-\u003efree_space_ctl-\u003etree_lock to be held. However this is our\ntemporary ctl so this lock isn\u0027t held. Fix this by calling\n__btrfs_remove_free_space_cache_locked instead so that we only clean up\nthe entries and do not mess with the discardable stats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50571",
"url": "https://www.suse.com/security/cve/CVE-2022-50571"
},
{
"category": "external",
"summary": "SUSE Bug 1252487 for CVE-2022-50571",
"url": "https://bugzilla.suse.com/1252487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50571"
},
{
"cve": "CVE-2022-50581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-50581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix OOB Read in __hfs_brec_find\n\nSyzbot reported a OOB read bug:\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in hfs_strcmp+0x117/0x190\nfs/hfs/string.c:84\nRead of size 1 at addr ffff88807eb62c4e by task kworker/u4:1/11\nCPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted\n6.1.0-rc6-syzkaller-00308-g644e9524388a #0\nWorkqueue: writeback wb_workfn (flush-7:0)\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report+0xcd/0x100 mm/kasan/report.c:495\n hfs_strcmp+0x117/0x190 fs/hfs/string.c:84\n __hfs_brec_find+0x213/0x5c0 fs/hfs/bfind.c:75\n hfs_brec_find+0x276/0x520 fs/hfs/bfind.c:138\n hfs_write_inode+0x34c/0xb40 fs/hfs/inode.c:462\n write_inode fs/fs-writeback.c:1440 [inline]\n\nIf the input inode of hfs_write_inode() is incorrect:\nstruct inode\n struct hfs_inode_info\n struct hfs_cat_key\n struct hfs_name\n u8 len # len is greater than HFS_NAMELEN(31) which is the\nmaximum length of an HFS filename\n\nOOB read occurred:\nhfs_write_inode()\n hfs_brec_find()\n __hfs_brec_find()\n hfs_cat_keycmp()\n hfs_strcmp() # OOB read occurred due to len is too large\n\nFix this by adding a Check on len in hfs_write_inode() before calling\nhfs_brec_find().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-50581",
"url": "https://www.suse.com/security/cve/CVE-2022-50581"
},
{
"category": "external",
"summary": "SUSE Bug 1252549 for CVE-2022-50581",
"url": "https://bugzilla.suse.com/1252549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2022-50581"
},
{
"cve": "CVE-2023-53183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: exit gracefully if reloc roots don\u0027t match\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\n[CAUSE]\nThe root cause of the triggered ASSERT() is we can have a race between\nquota tree creation and relocation.\n\nThis leads us to create a duplicated quota tree in the\nbtrfs_read_fs_root() path, and since it\u0027s treated as fs tree, it would\nhave ROOT_SHAREABLE flag, causing us to create a reloc tree for it.\n\nThe bug itself is fixed by a dedicated patch for it, but this already\ntaught us the ASSERT() is not something straightforward for\ndevelopers.\n\n[ENHANCEMENT]\nInstead of using an ASSERT(), let\u0027s handle it gracefully and output\nextra info about the mismatch reloc roots to help debug.\n\nAlso with the above ASSERT() removed, we can trigger ASSERT(0)s inside\nmerge_reloc_roots() later.\nAlso replace those ASSERT(0)s with WARN_ON()s.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53183",
"url": "https://www.suse.com/security/cve/CVE-2023-53183"
},
{
"category": "external",
"summary": "SUSE Bug 1249863 for CVE-2023-53183",
"url": "https://bugzilla.suse.com/1249863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53183"
},
{
"cve": "CVE-2023-53185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: don\u0027t allow to overwrite ENDPOINT0 attributes\n\nA bad USB device is able to construct a service connection response\nmessage with target endpoint being ENDPOINT0 which is reserved for\nHTC_CTRL_RSVD_SVC and should not be modified to be used for any other\nservices.\n\nReject such service connection responses.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53185",
"url": "https://www.suse.com/security/cve/CVE-2023-53185"
},
{
"category": "external",
"summary": "SUSE Bug 1249820 for CVE-2023-53185",
"url": "https://bugzilla.suse.com/1249820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53185"
},
{
"cve": "CVE-2023-53188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix race on port output\n\nassume the following setup on a single machine:\n1. An openvswitch instance with one bridge and default flows\n2. two network namespaces \"server\" and \"client\"\n3. two ovs interfaces \"server\" and \"client\" on the bridge\n4. for each ovs interface a veth pair with a matching name and 32 rx and\n tx queues\n5. move the ends of the veth pairs to the respective network namespaces\n6. assign ip addresses to each of the veth ends in the namespaces (needs\n to be the same subnet)\n7. start some http server on the server network namespace\n8. test if a client in the client namespace can reach the http server\n\nwhen following the actions below the host has a chance of getting a cpu\nstuck in a infinite loop:\n1. send a large amount of parallel requests to the http server (around\n 3000 curls should work)\n2. in parallel delete the network namespace (do not delete interfaces or\n stop the server, just kill the namespace)\n\nthere is a low chance that this will cause the below kernel cpu stuck\nmessage. If this does not happen just retry.\nBelow there is also the output of bpftrace for the functions mentioned\nin the output.\n\nThe series of events happening here is:\n1. the network namespace is deleted calling\n `unregister_netdevice_many_notify` somewhere in the process\n2. this sets first `NETREG_UNREGISTERING` on both ends of the veth and\n then runs `synchronize_net`\n3. it then calls `call_netdevice_notifiers` with `NETDEV_UNREGISTER`\n4. this is then handled by `dp_device_event` which calls\n `ovs_netdev_detach_dev` (if a vport is found, which is the case for\n the veth interface attached to ovs)\n5. this removes the rx_handlers of the device but does not prevent\n packages to be sent to the device\n6. `dp_device_event` then queues the vport deletion to work in\n background as a ovs_lock is needed that we do not hold in the\n unregistration path\n7. `unregister_netdevice_many_notify` continues to call\n `netdev_unregister_kobject` which sets `real_num_tx_queues` to 0\n8. port deletion continues (but details are not relevant for this issue)\n9. at some future point the background task deletes the vport\n\nIf after 7. but before 9. a packet is send to the ovs vport (which is\nnot deleted at this point in time) which forwards it to the\n`dev_queue_xmit` flow even though the device is unregistering.\nIn `skb_tx_hash` (which is called in the `dev_queue_xmit`) path there is\na while loop (if the packet has a rx_queue recorded) that is infinite if\n`dev-\u003ereal_num_tx_queues` is zero.\n\nTo prevent this from happening we update `do_output` to handle devices\nwithout carrier the same as if the device is not found (which would\nbe the code path after 9. is done).\n\nAdditionally we now produce a warning in `skb_tx_hash` if we will hit\nthe infinite loop.\n\nbpftrace (first word is function name):\n\n__dev_queue_xmit server: real_num_tx_queues: 1, cpu: 2, pid: 28024, tid: 28024, skb_addr: 0xffff9edb6f207000, reg_state: 1\nnetdev_core_pick_tx server: addr: 0xffff9f0a46d4a000 real_num_tx_queues: 1, cpu: 2, pid: 28024, tid: 28024, skb_addr: 0xffff9edb6f207000, reg_state: 1\ndp_device_event server: real_num_tx_queues: 1 cpu 9, pid: 21024, tid: 21024, event 2, reg_state: 1\nsynchronize_rcu_expedited: cpu 9, pid: 21024, tid: 21024\nsynchronize_rcu_expedited: cpu 9, pid: 21024, tid: 21024\nsynchronize_rcu_expedited: cpu 9, pid: 21024, tid: 21024\nsynchronize_rcu_expedited: cpu 9, pid: 21024, tid: 21024\ndp_device_event server: real_num_tx_queues: 1 cpu 9, pid: 21024, tid: 21024, event 6, reg_state: 2\novs_netdev_detach_dev server: real_num_tx_queues: 1 cpu 9, pid: 21024, tid: 21024, reg_state: 2\nnetdev_rx_handler_unregister server: real_num_tx_queues: 1, cpu: 9, pid: 21024, tid: 21024, reg_state: 2\nsynchronize_rcu_expedited: cpu 9, pid: 21024, tid: 21024\nnetdev_rx_handler_unregister ret server: real_num_tx_queues: 1, cpu: 9, pid: 21024, tid: 21024, reg_state: 2\ndp_\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53188",
"url": "https://www.suse.com/security/cve/CVE-2023-53188"
},
{
"category": "external",
"summary": "SUSE Bug 1249854 for CVE-2023-53188",
"url": "https://bugzilla.suse.com/1249854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53188"
},
{
"cve": "CVE-2023-53191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53191"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains\n\nof_irq_find_parent() returns a node pointer with refcount incremented,\nWe should use of_node_put() on it when not needed anymore.\nAdd missing of_node_put() to avoid refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53191",
"url": "https://www.suse.com/security/cve/CVE-2023-53191"
},
{
"category": "external",
"summary": "SUSE Bug 1249721 for CVE-2023-53191",
"url": "https://bugzilla.suse.com/1249721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53191"
},
{
"cve": "CVE-2023-53204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data-races around user-\u003eunix_inflight.\n\nuser-\u003eunix_inflight is changed under spin_lock(unix_gc_lock),\nbut too_many_unix_fds() reads it locklessly.\n\nLet\u0027s annotate the write/read accesses to user-\u003eunix_inflight.\n\nBUG: KCSAN: data-race in unix_attach_fds / unix_inflight\n\nwrite to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1:\n unix_inflight+0x157/0x180 net/unix/scm.c:66\n unix_attach_fds+0x147/0x1e0 net/unix/scm.c:123\n unix_scm_to_skb net/unix/af_unix.c:1827 [inline]\n unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950\n unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]\n unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292\n sock_sendmsg_nosec net/socket.c:725 [inline]\n sock_sendmsg+0x148/0x160 net/socket.c:748\n ____sys_sendmsg+0x4e4/0x610 net/socket.c:2494\n ___sys_sendmsg+0xc6/0x140 net/socket.c:2548\n __sys_sendmsg+0x94/0x140 net/socket.c:2577\n __do_sys_sendmsg net/socket.c:2586 [inline]\n __se_sys_sendmsg net/socket.c:2584 [inline]\n __x64_sys_sendmsg+0x45/0x50 net/socket.c:2584\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nread to 0xffffffff8546f2d0 of 8 bytes by task 44814 on cpu 0:\n too_many_unix_fds net/unix/scm.c:101 [inline]\n unix_attach_fds+0x54/0x1e0 net/unix/scm.c:110\n unix_scm_to_skb net/unix/af_unix.c:1827 [inline]\n unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950\n unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]\n unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292\n sock_sendmsg_nosec net/socket.c:725 [inline]\n sock_sendmsg+0x148/0x160 net/socket.c:748\n ____sys_sendmsg+0x4e4/0x610 net/socket.c:2494\n ___sys_sendmsg+0xc6/0x140 net/socket.c:2548\n __sys_sendmsg+0x94/0x140 net/socket.c:2577\n __do_sys_sendmsg net/socket.c:2586 [inline]\n __se_sys_sendmsg net/socket.c:2584 [inline]\n __x64_sys_sendmsg+0x45/0x50 net/socket.c:2584\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nvalue changed: 0x000000000000000c -\u003e 0x000000000000000d\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 44814 Comm: systemd-coredum Not tainted 6.4.0-11989-g6843306689af #6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53204",
"url": "https://www.suse.com/security/cve/CVE-2023-53204"
},
{
"category": "external",
"summary": "SUSE Bug 1249682 for CVE-2023-53204",
"url": "https://bugzilla.suse.com/1249682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53204"
},
{
"cve": "CVE-2023-53271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()\n\nThere is a memory leaks problem reported by kmemleak:\n\nunreferenced object 0xffff888102007a00 (size 128):\n comm \"ubirsvol\", pid 32090, jiffies 4298464136 (age 2361.231s)\n hex dump (first 32 bytes):\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................\nff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................\n backtrace:\n[\u003cffffffff8176cecd\u003e] __kmalloc+0x4d/0x150\n[\u003cffffffffa02a9a36\u003e] ubi_eba_create_table+0x76/0x170 [ubi]\n[\u003cffffffffa029764e\u003e] ubi_resize_volume+0x1be/0xbc0 [ubi]\n[\u003cffffffffa02a3321\u003e] ubi_cdev_ioctl+0x701/0x1850 [ubi]\n[\u003cffffffff81975d2d\u003e] __x64_sys_ioctl+0x11d/0x170\n[\u003cffffffff83c142a5\u003e] do_syscall_64+0x35/0x80\n[\u003cffffffff83e0006a\u003e] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis is due to a mismatch between create and destroy interfaces, and\nin detail that \"new_eba_tbl\" created by ubi_eba_create_table() but\ndestroyed by kfree(), while will causing \"new_eba_tbl-\u003eentries\" not\nfreed.\n\nFix it by replacing kfree(new_eba_tbl) with\nubi_eba_destroy_table(new_eba_tbl)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53271",
"url": "https://www.suse.com/security/cve/CVE-2023-53271"
},
{
"category": "external",
"summary": "SUSE Bug 1249916 for CVE-2023-53271",
"url": "https://bugzilla.suse.com/1249916"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "low"
}
],
"title": "CVE-2023-53271"
},
{
"cve": "CVE-2023-53282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53282"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write\n\nDuring the sysfs firmware write process, a use-after-free read warning is\nlogged from the lpfc_wr_object() routine:\n\n BUG: KFENCE: use-after-free read in lpfc_wr_object+0x235/0x310 [lpfc]\n Use-after-free read at 0x0000000000cf164d (in kfence-#111):\n lpfc_wr_object+0x235/0x310 [lpfc]\n lpfc_write_firmware.cold+0x206/0x30d [lpfc]\n lpfc_sli4_request_firmware_update+0xa6/0x100 [lpfc]\n lpfc_request_firmware_upgrade_store+0x66/0xb0 [lpfc]\n kernfs_fop_write_iter+0x121/0x1b0\n new_sync_write+0x11c/0x1b0\n vfs_write+0x1ef/0x280\n ksys_write+0x5f/0xe0\n do_syscall_64+0x59/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe driver accessed wr_object pointer data, which was initialized into\nmailbox payload memory, after the mailbox object was released back to the\nmailbox pool.\n\nFix by moving the mailbox free calls to the end of the routine ensuring\nthat we don\u0027t reference internal mailbox memory after release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53282",
"url": "https://www.suse.com/security/cve/CVE-2023-53282"
},
{
"category": "external",
"summary": "SUSE Bug 1250311 for CVE-2023-53282",
"url": "https://bugzilla.suse.com/1250311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53282"
},
{
"cve": "CVE-2023-53289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53289"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: bdisp: Add missing check for create_workqueue\n\nAdd the check for the return value of the create_workqueue\nin order to avoid NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53289",
"url": "https://www.suse.com/security/cve/CVE-2023-53289"
},
{
"category": "external",
"summary": "SUSE Bug 1249941 for CVE-2023-53289",
"url": "https://bugzilla.suse.com/1249941"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53289"
},
{
"cve": "CVE-2023-53292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix NULL dereference on q-\u003eelevator in blk_mq_elv_switch_none\n\nAfter grabbing q-\u003esysfs_lock, q-\u003eelevator may become NULL because of\nelevator switch.\n\nFix the NULL dereference on q-\u003eelevator by checking it with lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53292",
"url": "https://www.suse.com/security/cve/CVE-2023-53292"
},
{
"category": "external",
"summary": "SUSE Bug 1250163 for CVE-2023-53292",
"url": "https://bugzilla.suse.com/1250163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53292"
},
{
"cve": "CVE-2023-53338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlwt: Fix return values of BPF xmit ops\n\nBPF encap ops can return different types of positive values, such like\nNET_RX_DROP, NET_XMIT_CN, NETDEV_TX_BUSY, and so on, from function\nskb_do_redirect and bpf_lwt_xmit_reroute. At the xmit hook, such return\nvalues would be treated implicitly as LWTUNNEL_XMIT_CONTINUE in\nip(6)_finish_output2. When this happens, skbs that have been freed would\ncontinue to the neighbor subsystem, causing use-after-free bug and\nkernel crashes.\n\nTo fix the incorrect behavior, skb_do_redirect return values can be\nsimply discarded, the same as tc-egress behavior. On the other hand,\nbpf_lwt_xmit_reroute returns useful errors to local senders, e.g. PMTU\ninformation. Thus convert its return values to avoid the conflict with\nLWTUNNEL_XMIT_CONTINUE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53338",
"url": "https://www.suse.com/security/cve/CVE-2023-53338"
},
{
"category": "external",
"summary": "SUSE Bug 1250074 for CVE-2023-53338",
"url": "https://bugzilla.suse.com/1250074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53338"
},
{
"cve": "CVE-2023-53339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53339"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix BUG_ON condition in btrfs_cancel_balance\n\nPausing and canceling balance can race to interrupt balance lead to BUG_ON\npanic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance\ndoes not take this race scenario into account.\n\nHowever, the race condition has no other side effects. We can fix that.\n\nReproducing it with panic trace like this:\n\n kernel BUG at fs/btrfs/volumes.c:4618!\n RIP: 0010:btrfs_cancel_balance+0x5cf/0x6a0\n Call Trace:\n \u003cTASK\u003e\n ? do_nanosleep+0x60/0x120\n ? hrtimer_nanosleep+0xb7/0x1a0\n ? sched_core_clone_cookie+0x70/0x70\n btrfs_ioctl_balance_ctl+0x55/0x70\n btrfs_ioctl+0xa46/0xd20\n __x64_sys_ioctl+0x7d/0xa0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n Race scenario as follows:\n \u003e mutex_unlock(\u0026fs_info-\u003ebalance_mutex);\n \u003e --------------------\n \u003e .......issue pause and cancel req in another thread\n \u003e --------------------\n \u003e ret = __btrfs_balance(fs_info);\n \u003e\n \u003e mutex_lock(\u0026fs_info-\u003ebalance_mutex);\n \u003e if (ret == -ECANCELED \u0026\u0026 atomic_read(\u0026fs_info-\u003ebalance_pause_req)) {\n \u003e btrfs_info(fs_info, \"balance: paused\");\n \u003e btrfs_exclop_balance(fs_info, BTRFS_EXCLOP_BALANCE_PAUSED);\n \u003e }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53339",
"url": "https://www.suse.com/security/cve/CVE-2023-53339"
},
{
"category": "external",
"summary": "SUSE Bug 1250329 for CVE-2023-53339",
"url": "https://bugzilla.suse.com/1250329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53339"
},
{
"cve": "CVE-2023-53373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53373"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: seqiv - Handle EBUSY correctly\n\nAs it is seqiv only handles the special return value of EINPROGERSS,\nwhich means that in all other cases it will free data related to the\nrequest.\n\nHowever, as the caller of seqiv may specify MAY_BACKLOG, we also need\nto expect EBUSY and treat it in the same way. Otherwise backlogged\nrequests will trigger a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53373",
"url": "https://www.suse.com/security/cve/CVE-2023-53373"
},
{
"category": "external",
"summary": "SUSE Bug 1250137 for CVE-2023-53373",
"url": "https://bugzilla.suse.com/1250137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53373"
},
{
"cve": "CVE-2023-53433",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53433"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add vlan_get_protocol_and_depth() helper\n\nBefore blamed commit, pskb_may_pull() was used instead\nof skb_header_pointer() in __vlan_get_protocol() and friends.\n\nFew callers depended on skb-\u003ehead being populated with MAC header,\nsyzbot caught one of them (skb_mac_gso_segment())\n\nAdd vlan_get_protocol_and_depth() to make the intent clearer\nand use it where sensible.\n\nThis is a more generic fix than commit e9d3f80935b6\n(\"net/af_packet: make sure to pull mac header\") which was\ndealing with a similar issue.\n\nkernel BUG at include/linux/skbuff.h:2655 !\ninvalid opcode: 0000 [#1] SMP KASAN\nCPU: 0 PID: 1441 Comm: syz-executor199 Not tainted 6.1.24-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023\nRIP: 0010:__skb_pull include/linux/skbuff.h:2655 [inline]\nRIP: 0010:skb_mac_gso_segment+0x68f/0x6a0 net/core/gro.c:136\nCode: fd 48 8b 5c 24 10 44 89 6b 70 48 c7 c7 c0 ae 0d 86 44 89 e6 e8 a1 91 d0 00 48 c7 c7 00 af 0d 86 48 89 de 31 d2 e8 d1 4a e9 ff \u003c0f\u003e 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41\nRSP: 0018:ffffc90001bd7520 EFLAGS: 00010286\nRAX: ffffffff8469736a RBX: ffff88810f31dac0 RCX: ffff888115a18b00\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc90001bd75e8 R08: ffffffff84697183 R09: fffff5200037adf9\nR10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000012\nR13: 000000000000fee5 R14: 0000000000005865 R15: 000000000000fed7\nFS: 000055555633f300(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000000 CR3: 0000000116fea000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff847018dd\u003e] __skb_gso_segment+0x32d/0x4c0 net/core/dev.c:3419\n[\u003cffffffff8470398a\u003e] skb_gso_segment include/linux/netdevice.h:4819 [inline]\n[\u003cffffffff8470398a\u003e] validate_xmit_skb+0x3aa/0xee0 net/core/dev.c:3725\n[\u003cffffffff84707042\u003e] __dev_queue_xmit+0x1332/0x3300 net/core/dev.c:4313\n[\u003cffffffff851a9ec7\u003e] dev_queue_xmit+0x17/0x20 include/linux/netdevice.h:3029\n[\u003cffffffff851b4a82\u003e] packet_snd net/packet/af_packet.c:3111 [inline]\n[\u003cffffffff851b4a82\u003e] packet_sendmsg+0x49d2/0x6470 net/packet/af_packet.c:3142\n[\u003cffffffff84669a12\u003e] sock_sendmsg_nosec net/socket.c:716 [inline]\n[\u003cffffffff84669a12\u003e] sock_sendmsg net/socket.c:736 [inline]\n[\u003cffffffff84669a12\u003e] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[\u003cffffffff84669c75\u003e] __do_sys_sendto net/socket.c:2151 [inline]\n[\u003cffffffff84669c75\u003e] __se_sys_sendto net/socket.c:2147 [inline]\n[\u003cffffffff84669c75\u003e] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[\u003cffffffff8551d40f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff8551d40f\u003e] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[\u003cffffffff85600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53433",
"url": "https://www.suse.com/security/cve/CVE-2023-53433"
},
{
"category": "external",
"summary": "SUSE Bug 1250164 for CVE-2023-53433",
"url": "https://bugzilla.suse.com/1250164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53433"
},
{
"cve": "CVE-2023-53476",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53476"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry()\n\nThis condition needs to match the previous \"if (epcp-\u003estate == LISTEN) {\"\nexactly to avoid a NULL dereference of either \"listen_ep\" or \"ep\". The\nproblem is that \"epcp\" has been re-assigned so just testing\n\"if (epcp-\u003estate == LISTEN) {\" a second time is not sufficient.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53476",
"url": "https://www.suse.com/security/cve/CVE-2023-53476"
},
{
"category": "external",
"summary": "SUSE Bug 1250839 for CVE-2023-53476",
"url": "https://bugzilla.suse.com/1250839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53476"
},
{
"cve": "CVE-2023-53477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53477"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Add lwtunnel encap size of all siblings in nexthop calculation\n\nIn function rt6_nlmsg_size(), the length of nexthop is calculated\nby multipling the nexthop length of fib6_info and the number of\nsiblings. However if the fib6_info has no lwtunnel but the siblings\nhave lwtunnels, the nexthop length is less than it should be, and\nit will trigger a warning in inet6_rt_notify() as follows:\n\nWARNING: CPU: 0 PID: 6082 at net/ipv6/route.c:6180 inet6_rt_notify+0x120/0x130\n......\nCall Trace:\n \u003cTASK\u003e\n fib6_add_rt2node+0x685/0xa30\n fib6_add+0x96/0x1b0\n ip6_route_add+0x50/0xd0\n inet6_rtm_newroute+0x97/0xa0\n rtnetlink_rcv_msg+0x156/0x3d0\n netlink_rcv_skb+0x5a/0x110\n netlink_unicast+0x246/0x350\n netlink_sendmsg+0x250/0x4c0\n sock_sendmsg+0x66/0x70\n ___sys_sendmsg+0x7c/0xd0\n __sys_sendmsg+0x5d/0xb0\n do_syscall_64+0x3f/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nThis bug can be reproduced by script:\n\nip -6 addr add 2002::2/64 dev ens2\nip -6 route add 100::/64 via 2002::1 dev ens2 metric 100\n\nfor i in 10 20 30 40 50 60 70;\ndo\n\tip link add link ens2 name ipv_$i type ipvlan\n\tip -6 addr add 2002::$i/64 dev ipv_$i\n\tifconfig ipv_$i up\ndone\n\nfor i in 10 20 30 40 50 60;\ndo\n\tip -6 route append 100::/64 encap ip6 dst 2002::$i via 2002::1\ndev ipv_$i metric 100\ndone\n\nip -6 route append 100::/64 via 2002::1 dev ipv_70 metric 100\n\nThis patch fixes it by adding nexthop_len of every siblings using\nrt6_nh_nlmsg_size().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53477",
"url": "https://www.suse.com/security/cve/CVE-2023-53477"
},
{
"category": "external",
"summary": "SUSE Bug 1250840 for CVE-2023-53477",
"url": "https://bugzilla.suse.com/1250840"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53477"
},
{
"cve": "CVE-2023-53484",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53484"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: cpu_rmap: Avoid use after free on rmap-\u003eobj array entries\n\nWhen calling irq_set_affinity_notifier() with NULL at the notify\nargument, it will cause freeing of the glue pointer in the\ncorresponding array entry but will leave the pointer in the array. A\nsubsequent call to free_irq_cpu_rmap() will try to free this entry again\nleading to possible use after free.\n\nFix that by setting NULL to the array entry and checking that we have\nnon-zero at the array entry when iterating over the array in\nfree_irq_cpu_rmap().\n\nThe current code does not suffer from this since there are no cases\nwhere irq_set_affinity_notifier(irq, NULL) (note the NULL passed for the\nnotify arg) is called, followed by a call to free_irq_cpu_rmap() so we\ndon\u0027t hit and issue. Subsequent patches in this series excersize this\nflow, hence the required fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53484",
"url": "https://www.suse.com/security/cve/CVE-2023-53484"
},
{
"category": "external",
"summary": "SUSE Bug 1250895 for CVE-2023-53484",
"url": "https://bugzilla.suse.com/1250895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53484"
},
{
"cve": "CVE-2023-53517",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53517"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: do not update mtu if msg_max is too small in mtu negotiation\n\nWhen doing link mtu negotiation, a malicious peer may send Activate msg\nwith a very small mtu, e.g. 4 in Shuang\u0027s testing, without checking for\nthe minimum mtu, l-\u003emtu will be set to 4 in tipc_link_proto_rcv(), then\nn-\u003elinks[bearer_id].mtu is set to 4294967228, which is a overflow of\n\u00274 - INT_H_SIZE - EMSG_OVERHEAD\u0027 in tipc_link_mss().\n\nWith tipc_link.mtu = 4, tipc_link_xmit() kept printing the warning:\n\n tipc: Too large msg, purging xmit list 1 5 0 40 4!\n tipc: Too large msg, purging xmit list 1 15 0 60 4!\n\nAnd with tipc_link_entry.mtu 4294967228, a huge skb was allocated in\nnamed_distribute(), and when purging it in tipc_link_xmit(), a crash\nwas even caused:\n\n general protection fault, probably for non-canonical address 0x2100001011000dd: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 PID: 0 Comm: swapper/0 Kdump: loaded Not tainted 6.3.0.neta #19\n RIP: 0010:kfree_skb_list_reason+0x7e/0x1f0\n Call Trace:\n \u003cIRQ\u003e\n skb_release_data+0xf9/0x1d0\n kfree_skb_reason+0x40/0x100\n tipc_link_xmit+0x57a/0x740 [tipc]\n tipc_node_xmit+0x16c/0x5c0 [tipc]\n tipc_named_node_up+0x27f/0x2c0 [tipc]\n tipc_node_write_unlock+0x149/0x170 [tipc]\n tipc_rcv+0x608/0x740 [tipc]\n tipc_udp_recv+0xdc/0x1f0 [tipc]\n udp_queue_rcv_one_skb+0x33e/0x620\n udp_unicast_rcv_skb.isra.72+0x75/0x90\n __udp4_lib_rcv+0x56d/0xc20\n ip_protocol_deliver_rcu+0x100/0x2d0\n\nThis patch fixes it by checking the new mtu against tipc_bearer_min_mtu(),\nand not updating mtu if it is too small.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53517",
"url": "https://www.suse.com/security/cve/CVE-2023-53517"
},
{
"category": "external",
"summary": "SUSE Bug 1250919 for CVE-2023-53517",
"url": "https://bugzilla.suse.com/1250919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53517"
},
{
"cve": "CVE-2023-53519",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53519"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-mem2mem: add lock to protect parameter num_rdy\n\nGetting below error when using KCSAN to check the driver. Adding lock to\nprotect parameter num_rdy when getting the value with function:\nv4l2_m2m_num_src_bufs_ready/v4l2_m2m_num_dst_bufs_ready.\n\nkworker/u16:3: [name:report\u0026]BUG: KCSAN: data-race in v4l2_m2m_buf_queue\nkworker/u16:3: [name:report\u0026]\n\nkworker/u16:3: [name:report\u0026]read-write to 0xffffff8105f35b94 of 1 bytes by task 20865 on cpu 7:\nkworker/u16:3: v4l2_m2m_buf_queue+0xd8/0x10c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53519",
"url": "https://www.suse.com/security/cve/CVE-2023-53519"
},
{
"category": "external",
"summary": "SUSE Bug 1250964 for CVE-2023-53519",
"url": "https://bugzilla.suse.com/1250964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53519"
},
{
"cve": "CVE-2023-53533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53533"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: raspberrypi-ts - fix refcount leak in rpi_ts_probe\n\nrpi_firmware_get() take reference, we need to release it in error paths\nas well. Use devm_rpi_firmware_get() helper to handling the resources.\nAlso remove the existing rpi_firmware_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53533",
"url": "https://www.suse.com/security/cve/CVE-2023-53533"
},
{
"category": "external",
"summary": "SUSE Bug 1251080 for CVE-2023-53533",
"url": "https://bugzilla.suse.com/1251080"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53533"
},
{
"cve": "CVE-2023-53540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something\u0027s wrong. Reject such connections so we don\u0027t\ntry and fail later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53540",
"url": "https://www.suse.com/security/cve/CVE-2023-53540"
},
{
"category": "external",
"summary": "SUSE Bug 1251053 for CVE-2023-53540",
"url": "https://bugzilla.suse.com/1251053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53540"
},
{
"cve": "CVE-2023-53548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53548",
"url": "https://www.suse.com/security/cve/CVE-2023-53548"
},
{
"category": "external",
"summary": "SUSE Bug 1251066 for CVE-2023-53548",
"url": "https://bugzilla.suse.com/1251066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53548"
},
{
"cve": "CVE-2023-53556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix use-after-free in free_netdev\n\nWe do netif_napi_add() for all allocated q_vectors[], but potentially\ndo netif_napi_del() for part of them, then kfree q_vectors and leave\ninvalid pointers at dev-\u003enapi_list.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 4093.900222] ==================================================================\n[ 4093.900230] BUG: KASAN: use-after-free in free_netdev+0x308/0x390\n[ 4093.900232] Read of size 8 at addr ffff88b4dc145640 by task repro.sh/6699\n[ 4093.900233]\n[ 4093.900236] CPU: 10 PID: 6699 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 4093.900238] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 4093.900239] Call Trace:\n[ 4093.900244] dump_stack+0x71/0xab\n[ 4093.900249] print_address_description+0x6b/0x290\n[ 4093.900251] ? free_netdev+0x308/0x390\n[ 4093.900252] kasan_report+0x14a/0x2b0\n[ 4093.900254] free_netdev+0x308/0x390\n[ 4093.900261] iavf_remove+0x825/0xd20 [iavf]\n[ 4093.900265] pci_device_remove+0xa8/0x1f0\n[ 4093.900268] device_release_driver_internal+0x1c6/0x460\n[ 4093.900271] pci_stop_bus_device+0x101/0x150\n[ 4093.900273] pci_stop_and_remove_bus_device+0xe/0x20\n[ 4093.900275] pci_iov_remove_virtfn+0x187/0x420\n[ 4093.900277] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 4093.900278] ? pci_get_subsys+0x90/0x90\n[ 4093.900280] sriov_disable+0xed/0x3e0\n[ 4093.900282] ? bus_find_device+0x12d/0x1a0\n[ 4093.900290] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 4093.900298] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 4093.900299] ? pci_get_device+0x7c/0x90\n[ 4093.900300] ? pci_get_subsys+0x90/0x90\n[ 4093.900306] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 4093.900309] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900315] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 4093.900318] sriov_numvfs_store+0x214/0x290\n[ 4093.900320] ? sriov_totalvfs_show+0x30/0x30\n[ 4093.900321] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900323] ? __check_object_size+0x15a/0x350\n[ 4093.900326] kernfs_fop_write+0x280/0x3f0\n[ 4093.900329] vfs_write+0x145/0x440\n[ 4093.900330] ksys_write+0xab/0x160\n[ 4093.900332] ? __ia32_sys_read+0xb0/0xb0\n[ 4093.900334] ? fput_many+0x1a/0x120\n[ 4093.900335] ? filp_close+0xf0/0x130\n[ 4093.900338] do_syscall_64+0xa0/0x370\n[ 4093.900339] ? page_fault+0x8/0x30\n[ 4093.900341] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 4093.900357] RIP: 0033:0x7f16ad4d22c0\n[ 4093.900359] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe dd 01 00 48 89 04 24\n[ 4093.900360] RSP: 002b:00007ffd6491b7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 4093.900362] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f16ad4d22c0\n[ 4093.900363] RDX: 0000000000000002 RSI: 0000000001a41408 RDI: 0000000000000001\n[ 4093.900364] RBP: 0000000001a41408 R08: 00007f16ad7a1780 R09: 00007f16ae1f2700\n[ 4093.9003\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53556",
"url": "https://www.suse.com/security/cve/CVE-2023-53556"
},
{
"category": "external",
"summary": "SUSE Bug 1251059 for CVE-2023-53556",
"url": "https://bugzilla.suse.com/1251059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53556"
},
{
"cve": "CVE-2023-53559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_vti: fix potential slab-use-after-free in decode_session6\n\nWhen ip_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ip_vti device sends IPv6 packets.\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53559",
"url": "https://www.suse.com/security/cve/CVE-2023-53559"
},
{
"category": "external",
"summary": "SUSE Bug 1251052 for CVE-2023-53559",
"url": "https://bugzilla.suse.com/1251052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53559"
},
{
"cve": "CVE-2023-53564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53564"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix defrag path triggering jbd2 ASSERT\n\ncode path:\n\nocfs2_ioctl_move_extents\n ocfs2_move_extents\n ocfs2_defrag_extent\n __ocfs2_move_extent\n + ocfs2_journal_access_di\n + ocfs2_split_extent //sub-paths call jbd2_journal_restart\n + ocfs2_journal_dirty //crash by jbs2 ASSERT\n\ncrash stacks:\n\nPID: 11297 TASK: ffff974a676dcd00 CPU: 67 COMMAND: \"defragfs.ocfs2\"\n #0 [ffffb25d8dad3900] machine_kexec at ffffffff8386fe01\n #1 [ffffb25d8dad3958] __crash_kexec at ffffffff8395959d\n #2 [ffffb25d8dad3a20] crash_kexec at ffffffff8395a45d\n #3 [ffffb25d8dad3a38] oops_end at ffffffff83836d3f\n #4 [ffffb25d8dad3a58] do_trap at ffffffff83833205\n #5 [ffffb25d8dad3aa0] do_invalid_op at ffffffff83833aa6\n #6 [ffffb25d8dad3ac0] invalid_op at ffffffff84200d18\n [exception RIP: jbd2_journal_dirty_metadata+0x2ba]\n RIP: ffffffffc09ca54a RSP: ffffb25d8dad3b70 RFLAGS: 00010207\n RAX: 0000000000000000 RBX: ffff9706eedc5248 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: ffff97337029ea28 RDI: ffff9706eedc5250\n RBP: ffff9703c3520200 R8: 000000000f46b0b2 R9: 0000000000000000\n R10: 0000000000000001 R11: 00000001000000fe R12: ffff97337029ea28\n R13: 0000000000000000 R14: ffff9703de59bf60 R15: ffff9706eedc5250\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #7 [ffffb25d8dad3ba8] ocfs2_journal_dirty at ffffffffc137fb95 [ocfs2]\n #8 [ffffb25d8dad3be8] __ocfs2_move_extent at ffffffffc139a950 [ocfs2]\n #9 [ffffb25d8dad3c80] ocfs2_defrag_extent at ffffffffc139b2d2 [ocfs2]\n\nAnalysis\n\nThis bug has the same root cause of \u0027commit 7f27ec978b0e (\"ocfs2: call\nocfs2_journal_access_di() before ocfs2_journal_dirty() in\nocfs2_write_end_nolock()\")\u0027. For this bug, jbd2_journal_restart() is\ncalled by ocfs2_split_extent() during defragmenting.\n\nHow to fix\n\nFor ocfs2_split_extent() can handle journal operations totally by itself. \nCaller doesn\u0027t need to call journal access/dirty pair, and caller only\nneeds to call journal start/stop pair. The fix method is to remove\njournal access/dirty from __ocfs2_move_extent().\n\nThe discussion for this patch:\nhttps://oss.oracle.com/pipermail/ocfs2-devel/2023-February/000647.html",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53564",
"url": "https://www.suse.com/security/cve/CVE-2023-53564"
},
{
"category": "external",
"summary": "SUSE Bug 1251072 for CVE-2023-53564",
"url": "https://bugzilla.suse.com/1251072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53564"
},
{
"cve": "CVE-2023-53568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53568",
"url": "https://www.suse.com/security/cve/CVE-2023-53568"
},
{
"category": "external",
"summary": "SUSE Bug 1251035 for CVE-2023-53568",
"url": "https://bugzilla.suse.com/1251035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53568"
},
{
"cve": "CVE-2023-53582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53582"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds\n\nFix a stack-out-of-bounds read in brcmfmac that occurs\nwhen \u0027buf\u0027 that is not null-terminated is passed as an argument of\nstrreplace() in brcmf_c_preinit_dcmds(). This buffer is filled with\na CLM version string by memcpy() in brcmf_fil_iovar_data_get().\nEnsure buf is null-terminated.\n\nFound by a modified version of syzkaller.\n\n[ 33.004414][ T1896] brcmfmac: brcmf_c_process_clm_blob: no clm_blob available (err=-2), device may have limited channels available\n[ 33.013486][ T1896] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43236/3 wl0: Nov 30 2011 17:33:42 version 5.90.188.22\n[ 33.021554][ T1896] ==================================================================\n[ 33.022379][ T1896] BUG: KASAN: stack-out-of-bounds in strreplace+0xf2/0x110\n[ 33.023122][ T1896] Read of size 1 at addr ffffc90001d6efc8 by task kworker/0:2/1896\n[ 33.023852][ T1896]\n[ 33.024096][ T1896] CPU: 0 PID: 1896 Comm: kworker/0:2 Tainted: G O 5.14.0+ #132\n[ 33.024927][ T1896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014\n[ 33.026065][ T1896] Workqueue: usb_hub_wq hub_event\n[ 33.026581][ T1896] Call Trace:\n[ 33.026896][ T1896] dump_stack_lvl+0x57/0x7d\n[ 33.027372][ T1896] print_address_description.constprop.0.cold+0xf/0x334\n[ 33.028037][ T1896] ? strreplace+0xf2/0x110\n[ 33.028403][ T1896] ? strreplace+0xf2/0x110\n[ 33.028807][ T1896] kasan_report.cold+0x83/0xdf\n[ 33.029283][ T1896] ? strreplace+0xf2/0x110\n[ 33.029666][ T1896] strreplace+0xf2/0x110\n[ 33.029966][ T1896] brcmf_c_preinit_dcmds+0xab1/0xc40\n[ 33.030351][ T1896] ? brcmf_c_set_joinpref_default+0x100/0x100\n[ 33.030787][ T1896] ? rcu_read_lock_sched_held+0xa1/0xd0\n[ 33.031223][ T1896] ? rcu_read_lock_bh_held+0xb0/0xb0\n[ 33.031661][ T1896] ? lock_acquire+0x19d/0x4e0\n[ 33.032091][ T1896] ? find_held_lock+0x2d/0x110\n[ 33.032605][ T1896] ? brcmf_usb_deq+0x1a7/0x260\n[ 33.033087][ T1896] ? brcmf_usb_rx_fill_all+0x5a/0xf0\n[ 33.033582][ T1896] brcmf_attach+0x246/0xd40\n[ 33.034022][ T1896] ? wiphy_new_nm+0x1476/0x1d50\n[ 33.034383][ T1896] ? kmemdup+0x30/0x40\n[ 33.034722][ T1896] brcmf_usb_probe+0x12de/0x1690\n[ 33.035223][ T1896] ? brcmf_usbdev_qinit.constprop.0+0x470/0x470\n[ 33.035833][ T1896] usb_probe_interface+0x25f/0x710\n[ 33.036315][ T1896] really_probe+0x1be/0xa90\n[ 33.036656][ T1896] __driver_probe_device+0x2ab/0x460\n[ 33.037026][ T1896] ? usb_match_id.part.0+0x88/0xc0\n[ 33.037383][ T1896] driver_probe_device+0x49/0x120\n[ 33.037790][ T1896] __device_attach_driver+0x18a/0x250\n[ 33.038300][ T1896] ? driver_allows_async_probing+0x120/0x120\n[ 33.038986][ T1896] bus_for_each_drv+0x123/0x1a0\n[ 33.039906][ T1896] ? bus_rescan_devices+0x20/0x20\n[ 33.041412][ T1896] ? lockdep_hardirqs_on_prepare+0x273/0x3e0\n[ 33.041861][ T1896] ? trace_hardirqs_on+0x1c/0x120\n[ 33.042330][ T1896] __device_attach+0x207/0x330\n[ 33.042664][ T1896] ? device_bind_driver+0xb0/0xb0\n[ 33.043026][ T1896] ? kobject_uevent_env+0x230/0x12c0\n[ 33.043515][ T1896] bus_probe_device+0x1a2/0x260\n[ 33.043914][ T1896] device_add+0xa61/0x1ce0\n[ 33.044227][ T1896] ? __mutex_unlock_slowpath+0xe7/0x660\n[ 33.044891][ T1896] ? __fw_devlink_link_to_suppliers+0x550/0x550\n[ 33.045531][ T1896] usb_set_configuration+0x984/0x1770\n[ 33.046051][ T1896] ? kernfs_create_link+0x175/0x230\n[ 33.046548][ T1896] usb_generic_driver_probe+0x69/0x90\n[ 33.046931][ T1896] usb_probe_device+0x9c/0x220\n[ 33.047434][ T1896] really_probe+0x1be/0xa90\n[ 33.047760][ T1896] __driver_probe_device+0x2ab/0x460\n[ 33.048134][ T1896] driver_probe_device+0x49/0x120\n[ 33.048516][ T1896] __device_attach_driver+0x18a/0x250\n[ 33.048910][ T1896] ? driver_allows_async_probing+0x120/0x120\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53582",
"url": "https://www.suse.com/security/cve/CVE-2023-53582"
},
{
"category": "external",
"summary": "SUSE Bug 1251061 for CVE-2023-53582",
"url": "https://bugzilla.suse.com/1251061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53582"
},
{
"cve": "CVE-2023-53587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53587"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Sync IRQ works before buffer destruction\n\nIf something was written to the buffer just before destruction,\nit may be possible (maybe not in a real system, but it did\nhappen in ARCH=um with time-travel) to destroy the ringbuffer\nbefore the IRQ work ran, leading this KASAN report (or a crash\nwithout KASAN):\n\n BUG: KASAN: slab-use-after-free in irq_work_run_list+0x11a/0x13a\n Read of size 8 at addr 000000006d640a48 by task swapper/0\n\n CPU: 0 PID: 0 Comm: swapper Tainted: G W O 6.3.0-rc1 #7\n Stack:\n 60c4f20f 0c203d48 41b58ab3 60f224fc\n 600477fa 60f35687 60c4f20f 601273dd\n 00000008 6101eb00 6101eab0 615be548\n Call Trace:\n [\u003c60047a58\u003e] show_stack+0x25e/0x282\n [\u003c60c609e0\u003e] dump_stack_lvl+0x96/0xfd\n [\u003c60c50d4c\u003e] print_report+0x1a7/0x5a8\n [\u003c603078d3\u003e] kasan_report+0xc1/0xe9\n [\u003c60308950\u003e] __asan_report_load8_noabort+0x1b/0x1d\n [\u003c60232844\u003e] irq_work_run_list+0x11a/0x13a\n [\u003c602328b4\u003e] irq_work_tick+0x24/0x34\n [\u003c6017f9dc\u003e] update_process_times+0x162/0x196\n [\u003c6019f335\u003e] tick_sched_handle+0x1a4/0x1c3\n [\u003c6019fd9e\u003e] tick_sched_timer+0x79/0x10c\n [\u003c601812b9\u003e] __hrtimer_run_queues.constprop.0+0x425/0x695\n [\u003c60182913\u003e] hrtimer_interrupt+0x16c/0x2c4\n [\u003c600486a3\u003e] um_timer+0x164/0x183\n [...]\n\n Allocated by task 411:\n save_stack_trace+0x99/0xb5\n stack_trace_save+0x81/0x9b\n kasan_save_stack+0x2d/0x54\n kasan_set_track+0x34/0x3e\n kasan_save_alloc_info+0x25/0x28\n ____kasan_kmalloc+0x8b/0x97\n __kasan_kmalloc+0x10/0x12\n __kmalloc+0xb2/0xe8\n load_elf_phdrs+0xee/0x182\n [...]\n\n The buggy address belongs to the object at 000000006d640800\n which belongs to the cache kmalloc-1k of size 1024\n The buggy address is located 584 bytes inside of\n freed 1024-byte region [000000006d640800, 000000006d640c00)\n\nAdd the appropriate irq_work_sync() so the work finishes before\nthe buffers are destroyed.\n\nPrior to the commit in the Fixes tag below, there was only a\nsingle global IRQ work, so this issue didn\u0027t exist.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53587",
"url": "https://www.suse.com/security/cve/CVE-2023-53587"
},
{
"category": "external",
"summary": "SUSE Bug 1251128 for CVE-2023-53587",
"url": "https://bugzilla.suse.com/1251128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53587"
},
{
"cve": "CVE-2023-53589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53589"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: don\u0027t trust firmware n_channels\n\nIf the firmware sends us a corrupted MCC response with\nn_channels much larger than the command response can be,\nwe might copy far too much (uninitialized) memory and\neven crash if the n_channels is large enough to make it\nrun out of the one page allocated for the FW response.\n\nFix that by checking the lengths. Doing a \u003c comparison\nwould be sufficient, but the firmware should be doing\nit correctly, so check more strictly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53589",
"url": "https://www.suse.com/security/cve/CVE-2023-53589"
},
{
"category": "external",
"summary": "SUSE Bug 1251129 for CVE-2023-53589",
"url": "https://bugzilla.suse.com/1251129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53589"
},
{
"cve": "CVE-2023-53593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Release folio lock on fscache read hit.\n\nUnder the current code, when cifs_readpage_worker is called, the call\ncontract is that the callee should unlock the page. This is documented\nin the read_folio section of Documentation/filesystems/vfs.rst as:\n\n\u003e The filesystem should unlock the folio once the read has completed,\n\u003e whether it was successful or not.\n\nWithout this change, when fscache is in use and cache hit occurs during\na read, the page lock is leaked, producing the following stack on\nsubsequent reads (via mmap) to the page:\n\n$ cat /proc/3890/task/12864/stack\n[\u003c0\u003e] folio_wait_bit_common+0x124/0x350\n[\u003c0\u003e] filemap_read_folio+0xad/0xf0\n[\u003c0\u003e] filemap_fault+0x8b1/0xab0\n[\u003c0\u003e] __do_fault+0x39/0x150\n[\u003c0\u003e] do_fault+0x25c/0x3e0\n[\u003c0\u003e] __handle_mm_fault+0x6ca/0xc70\n[\u003c0\u003e] handle_mm_fault+0xe9/0x350\n[\u003c0\u003e] do_user_addr_fault+0x225/0x6c0\n[\u003c0\u003e] exc_page_fault+0x84/0x1b0\n[\u003c0\u003e] asm_exc_page_fault+0x27/0x30\n\nThis requires a reboot to resolve; it is a deadlock.\n\nNote however that the call to cifs_readpage_from_fscache does mark the\npage clean, but does not free the folio lock. This happens in\n__cifs_readpage_from_fscache on success. Releasing the lock at that\npoint however is not appropriate as cifs_readahead also calls\ncifs_readpage_from_fscache and *does* unconditionally release the lock\nafter its return. This change therefore effectively makes\ncifs_readpage_worker work like cifs_readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53593",
"url": "https://www.suse.com/security/cve/CVE-2023-53593"
},
{
"category": "external",
"summary": "SUSE Bug 1251132 for CVE-2023-53593",
"url": "https://bugzilla.suse.com/1251132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53593"
},
{
"cve": "CVE-2023-53594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53594"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndriver core: fix resource leak in device_add()\n\nWhen calling kobject_add() failed in device_add(), it will call\ncleanup_glue_dir() to free resource. But in kobject_add(),\ndev-\u003ekobj.parent has been set to NULL. This will cause resource leak.\n\nThe process is as follows:\ndevice_add()\n\tget_device_parent()\n\t\tclass_dir_create_and_add()\n\t\t\tkobject_add()\t\t//kobject_get()\n\t...\n\tdev-\u003ekobj.parent = kobj;\n\t...\n\tkobject_add()\t\t//failed, but set dev-\u003ekobj.parent = NULL\n\t...\n\tglue_dir = get_glue_dir(dev)\t//glue_dir = NULL, and goto\n\t\t\t\t\t//\"Error\" label\n\t...\n\tcleanup_glue_dir()\t//becaues glue_dir is NULL, not call\n\t\t\t\t//kobject_put()\n\nThe preceding problem may cause insmod mac80211_hwsim.ko to failed.\nsysfs: cannot create duplicate filename \u0027/devices/virtual/mac80211_hwsim\u0027\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x8e/0xd1\nsysfs_warn_dup.cold+0x1c/0x29\nsysfs_create_dir_ns+0x224/0x280\nkobject_add_internal+0x2aa/0x880\nkobject_add+0x135/0x1a0\nget_device_parent+0x3d7/0x590\ndevice_add+0x2aa/0x1cb0\ndevice_create_groups_vargs+0x1eb/0x260\ndevice_create+0xdc/0x110\nmac80211_hwsim_new_radio+0x31e/0x4790 [mac80211_hwsim]\ninit_mac80211_hwsim+0x48d/0x1000 [mac80211_hwsim]\ndo_one_initcall+0x10f/0x630\ndo_init_module+0x19f/0x5e0\nload_module+0x64b7/0x6eb0\n__do_sys_finit_module+0x140/0x200\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\n\u003c/TASK\u003e\nkobject_add_internal failed for mac80211_hwsim with -EEXIST, don\u0027t try to\nregister things with the same name in the same directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53594",
"url": "https://www.suse.com/security/cve/CVE-2023-53594"
},
{
"category": "external",
"summary": "SUSE Bug 1251166 for CVE-2023-53594",
"url": "https://bugzilla.suse.com/1251166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53594"
},
{
"cve": "CVE-2023-53596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53596",
"url": "https://www.suse.com/security/cve/CVE-2023-53596"
},
{
"category": "external",
"summary": "SUSE Bug 1251161 for CVE-2023-53596",
"url": "https://bugzilla.suse.com/1251161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53596"
},
{
"cve": "CVE-2023-53603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Avoid fcport pointer dereference\n\nKlocwork reported warning of NULL pointer may be dereferenced. The routine\nexits when sa_ctl is NULL and fcport is allocated after the exit call thus\ncausing NULL fcport pointer to dereference at the time of exit.\n\nTo avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53603",
"url": "https://www.suse.com/security/cve/CVE-2023-53603"
},
{
"category": "external",
"summary": "SUSE Bug 1251180 for CVE-2023-53603",
"url": "https://bugzilla.suse.com/1251180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53603"
},
{
"cve": "CVE-2023-53604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53604"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm integrity: call kmem_cache_destroy() in dm_integrity_init() error path\n\nOtherwise the journal_io_cache will leak if dm_register_target() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53604",
"url": "https://www.suse.com/security/cve/CVE-2023-53604"
},
{
"category": "external",
"summary": "SUSE Bug 1251210 for CVE-2023-53604",
"url": "https://bugzilla.suse.com/1251210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53604"
},
{
"cve": "CVE-2023-53611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi_si: fix a memleak in try_smi_init()\n\nKmemleak reported the following leak info in try_smi_init():\n\nunreferenced object 0xffff00018ecf9400 (size 1024):\n comm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\n backtrace:\n [\u003c000000004ca5b312\u003e] __kmalloc+0x4b8/0x7b0\n [\u003c00000000953b1072\u003e] try_smi_init+0x148/0x5dc [ipmi_si]\n [\u003c000000006460d325\u003e] 0xffff800081b10148\n [\u003c0000000039206ea5\u003e] do_one_initcall+0x64/0x2a4\n [\u003c00000000601399ce\u003e] do_init_module+0x50/0x300\n [\u003c000000003c12ba3c\u003e] load_module+0x7a8/0x9e0\n [\u003c00000000c246fffe\u003e] __se_sys_init_module+0x104/0x180\n [\u003c00000000eea99093\u003e] __arm64_sys_init_module+0x24/0x30\n [\u003c0000000021b1ef87\u003e] el0_svc_common.constprop.0+0x94/0x250\n [\u003c0000000070f4f8b7\u003e] do_el0_svc+0x48/0xe0\n [\u003c000000005a05337f\u003e] el0_svc+0x24/0x3c\n [\u003c000000005eb248d6\u003e] el0_sync_handler+0x160/0x164\n [\u003c0000000030a59039\u003e] el0_sync+0x160/0x180\n\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi-\u003esi_sm`, the variable wouldn\u0027t be freed in\nthe error handling afterwards since `shutdown_smi()` hadn\u0027t been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53611",
"url": "https://www.suse.com/security/cve/CVE-2023-53611"
},
{
"category": "external",
"summary": "SUSE Bug 1251123 for CVE-2023-53611",
"url": "https://bugzilla.suse.com/1251123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53611"
},
{
"cve": "CVE-2023-53615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here\u0027s the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53615",
"url": "https://www.suse.com/security/cve/CVE-2023-53615"
},
{
"category": "external",
"summary": "SUSE Bug 1251113 for CVE-2023-53615",
"url": "https://bugzilla.suse.com/1251113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53615"
},
{
"cve": "CVE-2023-53619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53619",
"url": "https://www.suse.com/security/cve/CVE-2023-53619"
},
{
"category": "external",
"summary": "SUSE Bug 1251743 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "external",
"summary": "SUSE Bug 1251745 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53619"
},
{
"cve": "CVE-2023-53620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53620"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix soft lockup in status_resync\n\nstatus_resync() will calculate \u0027curr_resync - recovery_active\u0027 to show\nuser a progress bar like following:\n\n[============\u003e........] resync = 61.4%\n\n\u0027curr_resync\u0027 and \u0027recovery_active\u0027 is updated in md_do_sync(), and\nstatus_resync() can read them concurrently, hence it\u0027s possible that\n\u0027curr_resync - recovery_active\u0027 can overflow to a huge number. In this\ncase status_resync() will be stuck in the loop to print a large amount\nof \u0027=\u0027, which will end up soft lockup.\n\nFix the problem by setting \u0027resync\u0027 to MD_RESYNC_ACTIVE in this case,\nthis way resync in progress will be reported to user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53620",
"url": "https://www.suse.com/security/cve/CVE-2023-53620"
},
{
"category": "external",
"summary": "SUSE Bug 1251318 for CVE-2023-53620",
"url": "https://bugzilla.suse.com/1251318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53620"
},
{
"cve": "CVE-2023-53622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix possible data races in gfs2_show_options()\n\nSome fields such as gt_logd_secs of the struct gfs2_tune are accessed\nwithout holding the lock gt_spin in gfs2_show_options():\n\n val = sdp-\u003esd_tune.gt_logd_secs;\n if (val != 30)\n seq_printf(s, \",commit=%d\", val);\n\nAnd thus can cause data races when gfs2_show_options() and other functions\nsuch as gfs2_reconfigure() are concurrently executed:\n\n spin_lock(\u0026gt-\u003egt_spin);\n gt-\u003egt_logd_secs = newargs-\u003ear_commit;\n\nTo fix these possible data races, the lock sdp-\u003esd_tune.gt_spin is\nacquired before accessing the fields of gfs2_tune and released after these\naccesses.\n\nFurther changes by Andreas:\n\n- Don\u0027t hold the spin lock over the seq_printf operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53622",
"url": "https://www.suse.com/security/cve/CVE-2023-53622"
},
{
"category": "external",
"summary": "SUSE Bug 1251777 for CVE-2023-53622",
"url": "https://bugzilla.suse.com/1251777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53622"
},
{
"cve": "CVE-2023-53624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53624"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_fq: fix integer overflow of \"credit\"\n\nif sch_fq is configured with \"initial quantum\" having values greater than\nINT_MAX, the first assignment of \"credit\" does signed integer overflow to\na very negative value.\nIn this situation, the syzkaller script provided by Cristoph triggers the\nCPU soft-lockup warning even with few sockets. It\u0027s not an infinite loop,\nbut \"credit\" wasn\u0027t probably meant to be minus 2Gb for each new flow.\nCapping \"initial quantum\" to INT_MAX proved to fix the issue.\n\nv2: validation of \"initial quantum\" is done in fq_policy, instead of open\n coding in fq_change() _ suggested by Jakub Kicinski",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53624",
"url": "https://www.suse.com/security/cve/CVE-2023-53624"
},
{
"category": "external",
"summary": "SUSE Bug 1251333 for CVE-2023-53624",
"url": "https://bugzilla.suse.com/1251333"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53624"
},
{
"cve": "CVE-2023-53635",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53635"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: fix wrong ct-\u003etimeout value\n\n(struct nf_conn)-\u003etimeout is an interval before the conntrack\nconfirmed. After confirmed, it becomes a timestamp.\n\nIt is observed that timeout of an unconfirmed conntrack:\n- Set by calling ctnetlink_change_timeout(). As a result,\n `nfct_time_stamp` was wrongly added to `ct-\u003etimeout` twice.\n- Get by calling ctnetlink_dump_timeout(). As a result,\n `nfct_time_stamp` was wrongly subtracted.\n\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl\n ctnetlink_dump_timeout\n __ctnetlink_glue_build\n ctnetlink_glue_build\n __nfqnl_enqueue_packet\n nf_queue\n nf_hook_slow\n ip_mc_output\n ? __pfx_ip_finish_output\n ip_send_skb\n ? __pfx_dst_output\n udp_send_skb\n udp_sendmsg\n ? __pfx_ip_generic_getfrag\n sock_sendmsg\n\nSeparate the 2 cases in:\n- Setting `ct-\u003etimeout` in __nf_ct_set_timeout().\n- Getting `ct-\u003etimeout` in ctnetlink_dump_timeout().\n\nPablo appends:\n\nUpdate ctnetlink to set up the timeout _after_ the IPS_CONFIRMED flag is\nset on, otherwise conntrack creation via ctnetlink breaks.\n\nNote that the problem described in this patch occurs since the\nintroduction of the nfnetlink_queue conntrack support, select a\nsufficiently old Fixes: tag for -stable kernel to pick up this fix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53635",
"url": "https://www.suse.com/security/cve/CVE-2023-53635"
},
{
"category": "external",
"summary": "SUSE Bug 1251524 for CVE-2023-53635",
"url": "https://bugzilla.suse.com/1251524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53635"
},
{
"cve": "CVE-2023-53644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: radio-shark: Add endpoint checks\n\nThe syzbot fuzzer was able to provoke a WARNING from the radio-shark2\ndriver:\n\n------------[ cut here ]------------\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 3271 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed2/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 3271 Comm: kworker/0:3 Not tainted 6.1.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed2/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 00 36 ea fb 48 8b 7c 24 18 e8 36 1c 02 ff 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 b6 90 8a e8 9a 29 b8 03 \u003c0f\u003e 0b e9 58 f8 ff ff e8 d2 35 ea fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc90003876dd0 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000\nRDX: ffff8880750b0040 RSI: ffffffff816152b8 RDI: fffff5200070edac\nRBP: ffff8880172d81e0 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000001\nR13: ffff8880285c5040 R14: 0000000000000002 R15: ffff888017158200\nFS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffe03235b90 CR3: 000000000bc8e000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58\n usb_bulk_msg+0x226/0x550 drivers/usb/core/message.c:387\n shark_write_reg+0x1ff/0x2e0 drivers/media/radio/radio-shark2.c:88\n...\n\nThe problem was caused by the fact that the driver does not check\nwhether the endpoints it uses are actually present and have the\nappropriate types. This can be fixed by adding a simple check of\nthese endpoints (and similarly for the radio-shark driver).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53644",
"url": "https://www.suse.com/security/cve/CVE-2023-53644"
},
{
"category": "external",
"summary": "SUSE Bug 1251736 for CVE-2023-53644",
"url": "https://bugzilla.suse.com/1251736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53644"
},
{
"cve": "CVE-2023-53647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53647",
"url": "https://www.suse.com/security/cve/CVE-2023-53647"
},
{
"category": "external",
"summary": "SUSE Bug 1251732 for CVE-2023-53647",
"url": "https://bugzilla.suse.com/1251732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53647"
},
{
"cve": "CVE-2023-53648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53648",
"url": "https://www.suse.com/security/cve/CVE-2023-53648"
},
{
"category": "external",
"summary": "SUSE Bug 1251750 for CVE-2023-53648",
"url": "https://bugzilla.suse.com/1251750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53648"
},
{
"cve": "CVE-2023-53650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf \u0027mipid_detect()\u0027 fails, we must free \u0027md\u0027 to avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53650",
"url": "https://www.suse.com/security/cve/CVE-2023-53650"
},
{
"category": "external",
"summary": "SUSE Bug 1251283 for CVE-2023-53650",
"url": "https://bugzilla.suse.com/1251283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53650"
},
{
"cve": "CVE-2023-53667",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53667"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: cdc_ncm: Deal with too low values of dwNtbOutMaxSize\n\nCurrently in cdc_ncm_check_tx_max(), if dwNtbOutMaxSize is lower than\nthe calculated \"min\" value, but greater than zero, the logic sets\ntx_max to dwNtbOutMaxSize. This is then used to allocate a new SKB in\ncdc_ncm_fill_tx_frame() where all the data is handled.\n\nFor small values of dwNtbOutMaxSize the memory allocated during\nalloc_skb(dwNtbOutMaxSize, GFP_ATOMIC) will have the same size, due to\nhow size is aligned at alloc time:\n\tsize = SKB_DATA_ALIGN(size);\n size += SKB_DATA_ALIGN(sizeof(struct skb_shared_info));\nThus we hit the same bug that we tried to squash with\ncommit 2be6d4d16a084 (\"net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero\")\n\nLow values of dwNtbOutMaxSize do not cause an issue presently because at\nalloc_skb() time more memory (512b) is allocated than required for the\nSKB headers alone (320b), leaving some space (512b - 320b = 192b)\nfor CDC data (172b).\n\nHowever, if more elements (for example 3 x u64 = [24b]) were added to\none of the SKB header structs, say \u0027struct skb_shared_info\u0027,\nincreasing its original size (320b [320b aligned]) to something larger\n(344b [384b aligned]), then suddenly the CDC data (172b) no longer\nfits in the spare SKB data area (512b - 384b = 128b).\n\nConsequently the SKB bounds checking semantics fails and panics:\n\nskbuff: skb_over_panic: text:ffffffff831f755b len:184 put:172 head:ffff88811f1c6c00 data:ffff88811f1c6c00 tail:0xb8 end:0x80 dev:\u003cNULL\u003e\n------------[ cut here ]------------\nkernel BUG at net/core/skbuff.c:113!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN\nCPU: 0 PID: 57 Comm: kworker/0:2 Not tainted 5.15.106-syzkaller-00249-g19c0ed55a470 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:skb_panic net/core/skbuff.c:113 [inline]\nRIP: 0010:skb_over_panic+0x14c/0x150 net/core/skbuff.c:118\n[snip]\nCall Trace:\n \u003cTASK\u003e\n skb_put+0x151/0x210 net/core/skbuff.c:2047\n skb_put_zero include/linux/skbuff.h:2422 [inline]\n cdc_ncm_ndp16 drivers/net/usb/cdc_ncm.c:1131 [inline]\n cdc_ncm_fill_tx_frame+0x11ab/0x3da0 drivers/net/usb/cdc_ncm.c:1308\n cdc_ncm_tx_fixup+0xa3/0x100\n\nDeal with too low values of dwNtbOutMaxSize, clamp it in the range\n[USB_CDC_NCM_NTB_MIN_OUT_SIZE, CDC_NCM_NTB_MAX_SIZE_TX]. We ensure\nenough data space is allocated to handle CDC data by making sure\ndwNtbOutMaxSize is not smaller than USB_CDC_NCM_NTB_MIN_OUT_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53667",
"url": "https://www.suse.com/security/cve/CVE-2023-53667"
},
{
"category": "external",
"summary": "SUSE Bug 1251761 for CVE-2023-53667",
"url": "https://bugzilla.suse.com/1251761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53667"
},
{
"cve": "CVE-2023-53668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix deadloop issue on reading trace_pipe\n\nSoft lockup occurs when reading file \u0027trace_pipe\u0027:\n\n watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]\n [...]\n RIP: 0010:ring_buffer_empty_cpu+0xed/0x170\n RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb\n RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218\n RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f\n R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901\n R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000\n [...]\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n __find_next_entry+0x1a8/0x4b0\n ? peek_next_entry+0x250/0x250\n ? down_write+0xa5/0x120\n ? down_write_killable+0x130/0x130\n trace_find_next_entry_inc+0x3b/0x1d0\n tracing_read_pipe+0x423/0xae0\n ? tracing_splice_read_pipe+0xcb0/0xcb0\n vfs_read+0x16b/0x490\n ksys_read+0x105/0x210\n ? __ia32_sys_pwrite64+0x200/0x200\n ? switch_fpu_return+0x108/0x220\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThrough the vmcore, I found it\u0027s because in tracing_read_pipe(),\nring_buffer_empty_cpu() found some buffer is not empty but then it\ncannot read anything due to \"rb_num_of_entries() == 0\" always true,\nThen it infinitely loop the procedure due to user buffer not been\nfilled, see following code path:\n\n tracing_read_pipe() {\n ... ...\n waitagain:\n tracing_wait_pipe() // 1. find non-empty buffer here\n trace_find_next_entry_inc() // 2. loop here try to find an entry\n __find_next_entry()\n ring_buffer_empty_cpu(); // 3. find non-empty buffer\n peek_next_entry() // 4. but peek always return NULL\n ring_buffer_peek()\n rb_buffer_peek()\n rb_get_reader_page()\n // 5. because rb_num_of_entries() == 0 always true here\n // then return NULL\n // 6. user buffer not been filled so goto \u0027waitgain\u0027\n // and eventually leads to an deadloop in kernel!!!\n }\n\nBy some analyzing, I found that when resetting ringbuffer, the \u0027entries\u0027\nof its pages are not all cleared (see rb_reset_cpu()). Then when reducing\nthe ringbuffer, and if some reduced pages exist dirty \u0027entries\u0027 data, they\nwill be added into \u0027cpu_buffer-\u003eoverrun\u0027 (see rb_remove_pages()), which\ncause wrong \u0027overrun\u0027 count and eventually cause the deadloop issue.\n\nTo fix it, we need to clear every pages in rb_reset_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53668",
"url": "https://www.suse.com/security/cve/CVE-2023-53668"
},
{
"category": "external",
"summary": "SUSE Bug 1251286 for CVE-2023-53668",
"url": "https://bugzilla.suse.com/1251286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53668"
},
{
"cve": "CVE-2023-53672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: output extra debug info if we failed to find an inline backref\n\n[BUG]\nSyzbot reported several warning triggered inside\nlookup_inline_extent_backref().\n\n[CAUSE]\nAs usual, the reproducer doesn\u0027t reliably trigger locally here, but at\nleast we know the WARN_ON() is triggered when an inline backref can not\nbe found, and it can only be triggered when @insert is true. (I.e.\ninserting a new inline backref, which means the backref should already\nexist)\n\n[ENHANCEMENT]\nAfter the WARN_ON(), dump all the parameters and the extent tree\nleaf to help debug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53672",
"url": "https://www.suse.com/security/cve/CVE-2023-53672"
},
{
"category": "external",
"summary": "SUSE Bug 1251780 for CVE-2023-53672",
"url": "https://bugzilla.suse.com/1251780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53672"
},
{
"cve": "CVE-2023-53675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ses: Fix possible desc_ptr out-of-bounds accesses\n\nSanitize possible desc_ptr out-of-bounds accesses in\nses_enclosure_data_process().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53675",
"url": "https://www.suse.com/security/cve/CVE-2023-53675"
},
{
"category": "external",
"summary": "SUSE Bug 1251325 for CVE-2023-53675",
"url": "https://bugzilla.suse.com/1251325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53675"
},
{
"cve": "CVE-2023-53681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split-\u003ebch_btree_node_alloc-\u003e__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53681",
"url": "https://www.suse.com/security/cve/CVE-2023-53681"
},
{
"category": "external",
"summary": "SUSE Bug 1251769 for CVE-2023-53681",
"url": "https://bugzilla.suse.com/1251769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53681"
},
{
"cve": "CVE-2023-53683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()\n\nsyzbot is hitting WARN_ON() in hfsplus_cat_{read,write}_inode(), for\ncrafted filesystem image can contain bogus length. There conditions are\nnot kernel bugs that can justify kernel to panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53683",
"url": "https://www.suse.com/security/cve/CVE-2023-53683"
},
{
"category": "external",
"summary": "SUSE Bug 1251329 for CVE-2023-53683",
"url": "https://bugzilla.suse.com/1251329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53683"
},
{
"cve": "CVE-2023-53687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53687",
"url": "https://www.suse.com/security/cve/CVE-2023-53687"
},
{
"category": "external",
"summary": "SUSE Bug 1251772 for CVE-2023-53687",
"url": "https://bugzilla.suse.com/1251772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "low"
}
],
"title": "CVE-2023-53687"
},
{
"cve": "CVE-2023-53695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Detect system inodes linked into directory hierarchy\n\nWhen UDF filesystem is corrupted, hidden system inodes can be linked\ninto directory hierarchy which is an avenue for further serious\ncorruption of the filesystem and kernel confusion as noticed by syzbot\nfuzzed images. Refuse to access system inodes linked into directory\nhierarchy and vice versa.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53695",
"url": "https://www.suse.com/security/cve/CVE-2023-53695"
},
{
"category": "external",
"summary": "SUSE Bug 1252539 for CVE-2023-53695",
"url": "https://bugzilla.suse.com/1252539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53695"
},
{
"cve": "CVE-2023-53696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53696"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix memory leak in qla2x00_probe_one()\n\nThere is a memory leak reported by kmemleak:\n\n unreferenced object 0xffffc900003f0000 (size 12288):\n comm \"modprobe\", pid 19117, jiffies 4299751452 (age 42490.264s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c00000000629261a8\u003e] __vmalloc_node_range+0xe56/0x1110\n [\u003c0000000001906886\u003e] __vmalloc_node+0xbd/0x150\n [\u003c000000005bb4dc34\u003e] vmalloc+0x25/0x30\n [\u003c00000000a2dc1194\u003e] qla2x00_create_host+0x7a0/0xe30 [qla2xxx]\n [\u003c0000000062b14b47\u003e] qla2x00_probe_one+0x2eb8/0xd160 [qla2xxx]\n [\u003c00000000641ccc04\u003e] local_pci_probe+0xeb/0x1a0\n\nThe root cause is traced to an error-handling path in qla2x00_probe_one()\nwhen the adapter \"base_vha\" initialize failed. The fab_scan_rp \"scan.l\" is\nused to record the port information and it is allocated in\nqla2x00_create_host(). However, it is not released in the error handling\npath \"probe_failed\".\n\nFix this by freeing the memory of \"scan.l\" when an error occurs in the\nadapter initialization process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53696",
"url": "https://www.suse.com/security/cve/CVE-2023-53696"
},
{
"category": "external",
"summary": "SUSE Bug 1252513 for CVE-2023-53696",
"url": "https://bugzilla.suse.com/1252513"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53696"
},
{
"cve": "CVE-2023-53705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53705"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix out-of-bounds access in ipv6_find_tlv()\n\noptlen is fetched without checking whether there is more than one byte to parse.\nIt can lead to out-of-bounds access.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53705",
"url": "https://www.suse.com/security/cve/CVE-2023-53705"
},
{
"category": "external",
"summary": "SUSE Bug 1252554 for CVE-2023-53705",
"url": "https://bugzilla.suse.com/1252554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53705"
},
{
"cve": "CVE-2023-53707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53707",
"url": "https://www.suse.com/security/cve/CVE-2023-53707"
},
{
"category": "external",
"summary": "SUSE Bug 1252632 for CVE-2023-53707",
"url": "https://bugzilla.suse.com/1252632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex\n\nApparently the hex passphrase mechanism does not work on newer\nchips/firmware (e.g. BCM4387). It seems there was a simple way of\npassing it in binary all along, so use that and avoid the hexification.\n\nOpenBSD has been doing it like this from the beginning, so this should\nwork on all chips.\n\nAlso clear the structure before setting the PMK. This was leaking\nuninitialized stack contents to the device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53715",
"url": "https://www.suse.com/security/cve/CVE-2023-53715"
},
{
"category": "external",
"summary": "SUSE Bug 1252545 for CVE-2023-53715",
"url": "https://bugzilla.suse.com/1252545"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-53715"
},
{
"cve": "CVE-2023-53717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53717"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()\n\nFix a stack-out-of-bounds write that occurs in a WMI response callback\nfunction that is called after a timeout occurs in ath9k_wmi_cmd().\nThe callback writes to wmi-\u003ecmd_rsp_buf, a stack-allocated buffer that\ncould no longer be valid when a timeout occurs. Set wmi-\u003elast_seq_id to\n0 when a timeout occurred.\n\nFound by a modified version of syzkaller.\n\nBUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx\nWrite of size 4\nCall Trace:\n memcpy\n ath9k_wmi_ctrl_rx\n ath9k_htc_rx_msg\n ath9k_hif_usb_reg_in_cb\n __usb_hcd_giveback_urb\n usb_hcd_giveback_urb\n dummy_timer\n call_timer_fn\n run_timer_softirq\n __do_softirq\n irq_exit_rcu\n sysvec_apic_timer_interrupt",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53717",
"url": "https://www.suse.com/security/cve/CVE-2023-53717"
},
{
"category": "external",
"summary": "SUSE Bug 1252560 for CVE-2023-53717",
"url": "https://bugzilla.suse.com/1252560"
},
{
"category": "external",
"summary": "SUSE Bug 1252563 for CVE-2023-53717",
"url": "https://bugzilla.suse.com/1252563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "important"
}
],
"title": "CVE-2023-53717"
},
{
"cve": "CVE-2023-53722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53722",
"url": "https://www.suse.com/security/cve/CVE-2023-53722"
},
{
"category": "external",
"summary": "SUSE Bug 1252499 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "external",
"summary": "SUSE Bug 1252500 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "important"
}
],
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53733",
"url": "https://www.suse.com/security/cve/CVE-2023-53733"
},
{
"category": "external",
"summary": "SUSE Bug 1252685 for CVE-2023-53733",
"url": "https://bugzilla.suse.com/1252685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "low"
}
],
"title": "CVE-2023-53733"
},
{
"cve": "CVE-2023-7324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-7324"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses\n\nSanitize possible addl_desc_ptr out-of-bounds accesses in\nses_enclosure_data_process().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-7324",
"url": "https://www.suse.com/security/cve/CVE-2023-7324"
},
{
"category": "external",
"summary": "SUSE Bug 1252893 for CVE-2023-7324",
"url": "https://bugzilla.suse.com/1252893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-7324"
},
{
"cve": "CVE-2024-56633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg\n\nThe current sk memory accounting logic in __SK_REDIRECT is pre-uncharging\ntosend bytes, which is either msg-\u003esg.size or a smaller value apply_bytes.\n\nPotential problems with this strategy are as follows:\n\n- If the actual sent bytes are smaller than tosend, we need to charge some\n bytes back, as in line 487, which is okay but seems not clean.\n\n- When tosend is set to apply_bytes, as in line 417, and (ret \u003c 0), we may\n miss uncharging (msg-\u003esg.size - apply_bytes) bytes.\n\n[...]\n415 tosend = msg-\u003esg.size;\n416 if (psock-\u003eapply_bytes \u0026\u0026 psock-\u003eapply_bytes \u003c tosend)\n417 tosend = psock-\u003eapply_bytes;\n[...]\n443 sk_msg_return(sk, msg, tosend);\n444 release_sock(sk);\n446 origsize = msg-\u003esg.size;\n447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress,\n448 msg, tosend, flags);\n449 sent = origsize - msg-\u003esg.size;\n[...]\n454 lock_sock(sk);\n455 if (unlikely(ret \u003c 0)) {\n456 int free = sk_msg_free_nocharge(sk, msg);\n458 if (!cork)\n459 *copied -= free;\n460 }\n[...]\n487 if (eval == __SK_REDIRECT)\n488 sk_mem_charge(sk, tosend - sent);\n[...]\n\nWhen running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply,\nthe following warning will be reported:\n\n------------[ cut here ]------------\nWARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0\nModules linked in:\nCPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nWorkqueue: events sk_psock_destroy\nRIP: 0010:inet_sock_destruct+0x190/0x1a0\nRSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206\nRAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800\nRDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900\nRBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0\nR10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400\nR13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100\nFS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\u003cTASK\u003e\n? __warn+0x89/0x130\n? inet_sock_destruct+0x190/0x1a0\n? report_bug+0xfc/0x1e0\n? handle_bug+0x5c/0xa0\n? exc_invalid_op+0x17/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? inet_sock_destruct+0x190/0x1a0\n__sk_destruct+0x25/0x220\nsk_psock_destroy+0x2b2/0x310\nprocess_scheduled_works+0xa3/0x3e0\nworker_thread+0x117/0x240\n? __pfx_worker_thread+0x10/0x10\nkthread+0xcf/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x40\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\n\nIn __SK_REDIRECT, a more concise way is delaying the uncharging after sent\nbytes are finalized, and uncharge this value. When (ret \u003c 0), we shall\ninvoke sk_msg_free.\n\nSame thing happens in case __SK_DROP, when tosend is set to apply_bytes,\nwe may miss uncharging (msg-\u003esg.size - apply_bytes) bytes. The same\nwarning will be reported in selftest.\n\n[...]\n468 case __SK_DROP:\n469 default:\n470 sk_msg_free_partial(sk, msg, tosend);\n471 sk_msg_apply_bytes(psock, tosend);\n472 *copied -= (tosend + delta);\n473 return -EACCES;\n[...]\n\nSo instead of sk_msg_free_partial we can do sk_msg_free here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56633",
"url": "https://www.suse.com/security/cve/CVE-2024-56633"
},
{
"category": "external",
"summary": "SUSE Bug 1235485 for CVE-2024-56633",
"url": "https://bugzilla.suse.com/1235485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2024-56633"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()\n\nThe buffer length check before calling uvc_parse_format() only ensured\nthat the buffer has at least 3 bytes (buflen \u003e 2), buf the function\naccesses buffer[3], requiring at least 4 bytes.\n\nThis can lead to an out-of-bounds read if the buffer has exactly 3 bytes.\n\nFix it by checking that the buffer has at least 4 bytes in\nuvc_parse_format().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38680",
"url": "https://www.suse.com/security/cve/CVE-2025-38680"
},
{
"category": "external",
"summary": "SUSE Bug 1249203 for CVE-2025-38680",
"url": "https://bugzilla.suse.com/1249203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-38680"
},
{
"cve": "CVE-2025-38691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38691"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npNFS: Fix uninited ptr deref in block/scsi layout\n\nThe error occurs on the third attempt to encode extents. When function\next_tree_prepare_commit() reallocates a larger buffer to retry encoding\nextents, the \"layoutupdate_pages\" page array is initialized only after the\nretry loop. But ext_tree_free_commitdata() is called on every iteration\nand tries to put pages in the array, thus dereferencing uninitialized\npointers.\n\nAn additional problem is that there is no limit on the maximum possible\nbuffer_size. When there are too many extents, the client may create a\nlayoutcommit that is larger than the maximum possible RPC size accepted\nby the server.\n\nDuring testing, we observed two typical scenarios. First, one memory page\nfor extents is enough when we work with small files, append data to the\nend of the file, or preallocate extents before writing. But when we fill\na new large file without preallocating, the number of extents can be huge,\nand counting the number of written extents in ext_tree_encode_commit()\ndoes not help much. Since this number increases even more between\nunlocking and locking of ext_tree, the reallocated buffer may not be\nlarge enough again and again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38691",
"url": "https://www.suse.com/security/cve/CVE-2025-38691"
},
{
"category": "external",
"summary": "SUSE Bug 1249215 for CVE-2025-38691",
"url": "https://bugzilla.suse.com/1249215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-38691"
},
{
"cve": "CVE-2025-38695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure\n\nIf a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the\nresultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may\noccur before sli4_hba.hdwqs are allocated. This may result in a null\npointer dereference when attempting to take the abts_io_buf_list_lock for\nthe first hardware queue. Fix by adding a null ptr check on\nphba-\u003esli4_hba.hdwq and early return because this situation means there\nmust have been an error during port initialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38695",
"url": "https://www.suse.com/security/cve/CVE-2025-38695"
},
{
"category": "external",
"summary": "SUSE Bug 1249285 for CVE-2025-38695",
"url": "https://bugzilla.suse.com/1249285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-38695"
},
{
"cve": "CVE-2025-38699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38699",
"url": "https://www.suse.com/security/cve/CVE-2025-38699"
},
{
"category": "external",
"summary": "SUSE Bug 1249224 for CVE-2025-38699",
"url": "https://bugzilla.suse.com/1249224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-38699"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()\n\nThe hfsplus_bnode_read() method can trigger the issue:\n\n[ 174.852007][ T9784] ==================================================================\n[ 174.852709][ T9784] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x2f4/0x360\n[ 174.853412][ T9784] Read of size 8 at addr ffff88810b5fc6c0 by task repro/9784\n[ 174.854059][ T9784]\n[ 174.854272][ T9784] CPU: 1 UID: 0 PID: 9784 Comm: repro Not tainted 6.16.0-rc3 #7 PREEMPT(full)\n[ 174.854281][ T9784] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 174.854286][ T9784] Call Trace:\n[ 174.854289][ T9784] \u003cTASK\u003e\n[ 174.854292][ T9784] dump_stack_lvl+0x10e/0x1f0\n[ 174.854305][ T9784] print_report+0xd0/0x660\n[ 174.854315][ T9784] ? __virt_addr_valid+0x81/0x610\n[ 174.854323][ T9784] ? __phys_addr+0xe8/0x180\n[ 174.854330][ T9784] ? hfsplus_bnode_read+0x2f4/0x360\n[ 174.854337][ T9784] kasan_report+0xc6/0x100\n[ 174.854346][ T9784] ? hfsplus_bnode_read+0x2f4/0x360\n[ 174.854354][ T9784] hfsplus_bnode_read+0x2f4/0x360\n[ 174.854362][ T9784] hfsplus_bnode_dump+0x2ec/0x380\n[ 174.854370][ T9784] ? __pfx_hfsplus_bnode_dump+0x10/0x10\n[ 174.854377][ T9784] ? hfsplus_bnode_write_u16+0x83/0xb0\n[ 174.854385][ T9784] ? srcu_gp_start+0xd0/0x310\n[ 174.854393][ T9784] ? __mark_inode_dirty+0x29e/0xe40\n[ 174.854402][ T9784] hfsplus_brec_remove+0x3d2/0x4e0\n[ 174.854411][ T9784] __hfsplus_delete_attr+0x290/0x3a0\n[ 174.854419][ T9784] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10\n[ 174.854427][ T9784] ? __pfx___hfsplus_delete_attr+0x10/0x10\n[ 174.854436][ T9784] ? __asan_memset+0x23/0x50\n[ 174.854450][ T9784] hfsplus_delete_all_attrs+0x262/0x320\n[ 174.854459][ T9784] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10\n[ 174.854469][ T9784] ? rcu_is_watching+0x12/0xc0\n[ 174.854476][ T9784] ? __mark_inode_dirty+0x29e/0xe40\n[ 174.854483][ T9784] hfsplus_delete_cat+0x845/0xde0\n[ 174.854493][ T9784] ? __pfx_hfsplus_delete_cat+0x10/0x10\n[ 174.854507][ T9784] hfsplus_unlink+0x1ca/0x7c0\n[ 174.854516][ T9784] ? __pfx_hfsplus_unlink+0x10/0x10\n[ 174.854525][ T9784] ? down_write+0x148/0x200\n[ 174.854532][ T9784] ? __pfx_down_write+0x10/0x10\n[ 174.854540][ T9784] vfs_unlink+0x2fe/0x9b0\n[ 174.854549][ T9784] do_unlinkat+0x490/0x670\n[ 174.854557][ T9784] ? __pfx_do_unlinkat+0x10/0x10\n[ 174.854565][ T9784] ? __might_fault+0xbc/0x130\n[ 174.854576][ T9784] ? getname_flags.part.0+0x1c5/0x550\n[ 174.854584][ T9784] __x64_sys_unlink+0xc5/0x110\n[ 174.854592][ T9784] do_syscall_64+0xc9/0x480\n[ 174.854600][ T9784] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 174.854608][ T9784] RIP: 0033:0x7f6fdf4c3167\n[ 174.854614][ T9784] Code: f0 ff ff 73 01 c3 48 8b 0d 26 0d 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 08\n[ 174.854622][ T9784] RSP: 002b:00007ffcb948bca8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057\n[ 174.854630][ T9784] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6fdf4c3167\n[ 174.854636][ T9784] RDX: 00007ffcb948bcc0 RSI: 00007ffcb948bcc0 RDI: 00007ffcb948bd50\n[ 174.854641][ T9784] RBP: 00007ffcb948cd90 R08: 0000000000000001 R09: 00007ffcb948bb40\n[ 174.854645][ T9784] R10: 00007f6fdf564fc0 R11: 0000000000000206 R12: 0000561e1bc9c2d0\n[ 174.854650][ T9784] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 174.854658][ T9784] \u003c/TASK\u003e\n[ 174.854661][ T9784]\n[ 174.879281][ T9784] Allocated by task 9784:\n[ 174.879664][ T9784] kasan_save_stack+0x20/0x40\n[ 174.880082][ T9784] kasan_save_track+0x14/0x30\n[ 174.880500][ T9784] __kasan_kmalloc+0xaa/0xb0\n[ 174.880908][ T9784] __kmalloc_noprof+0x205/0x550\n[ 174.881337][ T9784] __hfs_bnode_create+0x107/0x890\n[ 174.881779][ T9784] hfsplus_bnode_find+0x2d0/0xd10\n[ 174.882222][ T9784] hfsplus_brec_find+0x2b0/0x520\n[ 174.882659][ T9784] hfsplus_delete_all_attrs+0x23b/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38714",
"url": "https://www.suse.com/security/cve/CVE-2025-38714"
},
{
"category": "external",
"summary": "SUSE Bug 1249260 for CVE-2025-38714",
"url": "https://bugzilla.suse.com/1249260"
},
{
"category": "external",
"summary": "SUSE Bug 1249596 for CVE-2025-38714",
"url": "https://bugzilla.suse.com/1249596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-38714"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-38724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()\n\nLei Lu recently reported that nfsd4_setclientid_confirm() did not check\nthe return value from get_client_locked(). a SETCLIENTID_CONFIRM could\nrace with a confirmed client expiring and fail to get a reference. That\ncould later lead to a UAF.\n\nFix this by getting a reference early in the case where there is an\nextant confirmed client. If that fails then treat it as if there were no\nconfirmed client found at all.\n\nIn the case where the unconfirmed client is expiring, just fail and\nreturn the result from get_client_locked().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38724",
"url": "https://www.suse.com/security/cve/CVE-2025-38724"
},
{
"category": "external",
"summary": "SUSE Bug 1249169 for CVE-2025-38724",
"url": "https://bugzilla.suse.com/1249169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-38724"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: fix panic due to PSLVERR\n\nWhen the PSLVERR_RESP_EN parameter is set to 1, the device generates\nan error response if an attempt is made to read an empty RBR (Receive\nBuffer Register) while the FIFO is enabled.\n\nIn serial8250_do_startup(), calling serial_port_out(port, UART_LCR,\nUART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes\ndw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter\nfunction enables the FIFO via serial_out(p, UART_FCR, p-\u003efcr).\nExecution proceeds to the serial_port_in(port, UART_RX).\nThis satisfies the PSLVERR trigger condition.\n\nWhen another CPU (e.g., using printk()) is accessing the UART (UART\nis busy), the current CPU fails the check (value \u0026 ~UART_LCR_SPAR) ==\n(lcr \u0026 ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter\ndw8250_force_idle().\n\nPut serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port-\u003elock\nto fix this issue.\n\nPanic backtrace:\n[ 0.442336] Oops - unknown exception [#1]\n[ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a\n[ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e\n...\n[ 0.442416] console_on_rootfs+0x26/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39724",
"url": "https://www.suse.com/security/cve/CVE-2025-39724"
},
{
"category": "external",
"summary": "SUSE Bug 1249265 for CVE-2025-39724",
"url": "https://bugzilla.suse.com/1249265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39724"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hisilicon/hibmc: fix the hibmc loaded failed bug\n\nWhen hibmc loaded failed, the driver use hibmc_unload to free the\nresource, but the mutexes in mode.config are not init, which will\naccess an NULL pointer. Just change goto statement to return, because\nhibnc_hw_init() doesn\u0027t need to free anything.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39772",
"url": "https://www.suse.com/security/cve/CVE-2025-39772"
},
{
"category": "external",
"summary": "SUSE Bug 1249506 for CVE-2025-39772",
"url": "https://bugzilla.suse.com/1249506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39772"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees\n\nWhen we don\u0027t have a clock specified in the device tree, we have no way to\nensure the BAM is on. This is often the case for remotely-controlled or\nremotely-powered BAM instances. In this case, we need to read num-channels\nfrom the DT to have all the necessary information to complete probing.\n\nHowever, at the moment invalid device trees without clock and without\nnum-channels still continue probing, because the error handling is missing\nreturn statements. The driver will then later try to read the number of\nchannels from the registers. This is unsafe, because it relies on boot\nfirmware and lucky timing to succeed. Unfortunately, the lack of proper\nerror handling here has been abused for several Qualcomm SoCs upstream,\ncausing early boot crashes in several situations [1, 2].\n\nAvoid these early crashes by erroring out when any of the required DT\nproperties are missing. Note that this will break some of the existing DTs\nupstream (mainly BAM instances related to the crypto engine). However,\nclearly these DTs have never been tested properly, since the error in the\nkernel log was just ignored. It\u0027s safer to disable the crypto engine for\nthese broken DTBs.\n\n[1]: https://lore.kernel.org/r/CY01EKQVWE36.B9X5TDXAREPF@fairphone.com/\n[2]: https://lore.kernel.org/r/20230626145959.646747-1-krzysztof.kozlowski@linaro.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39923",
"url": "https://www.suse.com/security/cve/CVE-2025-39923"
},
{
"category": "external",
"summary": "SUSE Bug 1250741 for CVE-2025-39923",
"url": "https://bugzilla.suse.com/1250741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39923"
},
{
"cve": "CVE-2025-39929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path\n\nDuring tests of another unrelated patch I was able to trigger this\nerror: Objects remaining on __kmem_cache_shutdown()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39929",
"url": "https://www.suse.com/security/cve/CVE-2025-39929"
},
{
"category": "external",
"summary": "SUSE Bug 1251036 for CVE-2025-39929",
"url": "https://bugzilla.suse.com/1251036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39929"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_280-default-1-8.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.280.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.280.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.280.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-24T09:18:05Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
}
]
}
SUSE-SU-2025:4141-1
Vulnerability from csaf_suse - Published: 2025-11-19 14:06 - Updated: 2025-11-19 14:06Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39832: net/mlx5: Add sync reset drop mode support (bsc#1249901).
- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).
- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non security issues were fixed:
- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).
- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: processor: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).
- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).
- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).
- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).
- Reapply 'x86/smp: Eliminate mwait_play_dead_cpuid_hint()' (jsc#PED-13815).
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- cpuidle: Do not return from cpuidle_play_dead() on callback failures (jsc#PED-13815).
- dpll: Make ZL3073X invisible (bsc#1252253).
- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).
- dpll: zl3073x: Add low-level flash functions (bsc#1252253).
- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).
- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).
- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).
- dpll: zl3073x: Fix build failure (bsc#1252253).
- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).
- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).
- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).
- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (bsc#1252253).
- drm/amd : Update MES API header file for v11 & v12 (stable-fixes).
- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).
- drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112).
- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).
- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).
- drm/amd/display: fix dmub access race condition (bsc#1243112).
- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).
- drm/amd/include : MES v11 and v12 API header update (stable-fixes).
- drm/amd/include : Update MES v12 API for fence update (stable-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/amd: Avoid evicting resources at S5 (bsc#1243112).
- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).
- drm/amd: Fix hybrid sleep (bsc#1243112).
- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).
- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).
- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).
- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).
- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).
- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).
- drm/amdgpu: Report individual reset error (bsc#1243112).
- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).
- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).
- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).
- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).
- intel_idle: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815).
- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).
- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).
- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).
- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).
- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- nvme-auth: update bi_directional flag (git-fixes bsc#1249735).
- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).
- nvme-tcp: send only permitted commands for secure concat (git-fixes bsc#1247683).
- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- platform/x86/amd/pmc: Add 1Ah family series to STB support list (bsc#1243112).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (bsc#1243112).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (bsc#1243112).
- platform/x86/amd/pmc: Add VPE information for AMDI000A platform (bsc#1243112).
- platform/x86/amd/pmc: Add idlemask support for 1Ah family (bsc#1243112).
- platform/x86/amd/pmc: Extend support for PMC features on new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Fix SMU command submission path on new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Modify SMU message port for latest AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Notify user when platform does not support s0ix transition (bsc#1243112).
- platform/x86/amd/pmc: Remove unnecessary line breaks (bsc#1243112).
- platform/x86/amd/pmc: Send OS_HINT command for AMDI000A platform (bsc#1243112).
- platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Update IP information structure for newer SoCs (bsc#1243112).
- platform/x86/amd/pmc: Use ARRAY_SIZE() to fill num_ips information (bsc#1243112).
- platform/x86/amd/pmc: call amd_pmc_get_ip_info() during driver probe (bsc#1243112).
- platform/x86/amd: pmc: Add new ACPI ID AMDI000B (bsc#1243112).
- platform/x86/amd: pmc: Drop SMU F/W match for Cezanne (bsc#1243112).
- platform/x86/amd: pmc: Use guard(mutex) (bsc#1243112).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).
- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- serial: sc16is7xx: rename Kconfig CONFIG_SERIAL_SC16IS7XX_CORE (bsc#1252469)
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).
- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).
- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).
- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).
- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).
Patchnames
SUSE-2025-4141,SUSE-SLE-Module-Live-Patching-15-SP7-2025-4141,SUSE-SLE-Module-RT-15-SP7-2025-4141
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).\n- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).\n- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).\n- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).\n- CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).\n- CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).\n- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).\n- CVE-2025-39832: net/mlx5: Add sync reset drop mode support (bsc#1249901).\n- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).\n- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).\n- CVE-2025-39854: ice: fix NULL access of tx-\u003ein_use in ice_ll_ts_intr (bsc#1250297).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).\n- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).\n- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).\n- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).\n- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).\n- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).\n- CVE-2025-39984: net: tun: Update napi-\u003eskb after XDP process (bsc#1252081).\n- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).\n- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).\n- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).\n- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).\n- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).\n\nThe following non security issues were fixed:\n\n- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).\n- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- ACPI: processor: Rescan \u0027dead\u0027 SMT siblings during initialization (jsc#PED-13815).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).\n- KVM: x86: Process \u0027guest stopped request\u0027 once per guest time update (git-fixes).\n- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).\n- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).\n- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).\n- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).\n- Reapply \u0027x86/smp: Eliminate mwait_play_dead_cpuid_hint()\u0027 (jsc#PED-13815).\n- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).\n- cpuidle: Do not return from cpuidle_play_dead() on callback failures (jsc#PED-13815).\n- dpll: Make ZL3073X invisible (bsc#1252253).\n- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).\n- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).\n- dpll: zl3073x: Add low-level flash functions (bsc#1252253).\n- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).\n- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).\n- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).\n- dpll: zl3073x: Fix build failure (bsc#1252253).\n- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).\n- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).\n- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).\n- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).\n- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).\n- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (bsc#1252253).\n- drm/amd : Update MES API header file for v11 \u0026 v12 (stable-fixes).\n- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).\n- drm/amd/display: Add NULL check for stream before dereference in \u0027dm_vupdate_high_irq\u0027 (bsc#1243112).\n- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).\n- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).\n- drm/amd/display: fix dmub access race condition (bsc#1243112).\n- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).\n- drm/amd/include : MES v11 and v12 API header update (stable-fixes).\n- drm/amd/include : Update MES v12 API for fence update (stable-fixes).\n- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).\n- drm/amd: Avoid evicting resources at S5 (bsc#1243112).\n- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).\n- drm/amd: Fix hybrid sleep (bsc#1243112).\n- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).\n- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).\n- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).\n- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).\n- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).\n- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).\n- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).\n- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).\n- drm/amdgpu: Report individual reset error (bsc#1243112).\n- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).\n- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).\n- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).\n- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).\n- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).\n- intel_idle: Rescan \u0027dead\u0027 SMT siblings during initialization (jsc#PED-13815).\n- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).\n- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).\n- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).\n- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).\n- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).\n- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).\n- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).\n- nvme-auth: update bi_directional flag (git-fixes bsc#1249735).\n- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).\n- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).\n- nvme-tcp: send only permitted commands for secure concat (git-fixes bsc#1247683).\n- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).\n- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).\n- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).\n- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).\n- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).\n- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).\n- platform/x86/amd/pmc: Add 1Ah family series to STB support list (bsc#1243112).\n- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (bsc#1243112).\n- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (bsc#1243112).\n- platform/x86/amd/pmc: Add VPE information for AMDI000A platform (bsc#1243112).\n- platform/x86/amd/pmc: Add idlemask support for 1Ah family (bsc#1243112).\n- platform/x86/amd/pmc: Extend support for PMC features on new AMD platform (bsc#1243112).\n- platform/x86/amd/pmc: Fix SMU command submission path on new AMD platform (bsc#1243112).\n- platform/x86/amd/pmc: Modify SMU message port for latest AMD platform (bsc#1243112).\n- platform/x86/amd/pmc: Notify user when platform does not support s0ix transition (bsc#1243112).\n- platform/x86/amd/pmc: Remove unnecessary line breaks (bsc#1243112).\n- platform/x86/amd/pmc: Send OS_HINT command for AMDI000A platform (bsc#1243112).\n- platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (bsc#1243112).\n- platform/x86/amd/pmc: Update IP information structure for newer SoCs (bsc#1243112).\n- platform/x86/amd/pmc: Use ARRAY_SIZE() to fill num_ips information (bsc#1243112).\n- platform/x86/amd/pmc: call amd_pmc_get_ip_info() during driver probe (bsc#1243112).\n- platform/x86/amd: pmc: Add new ACPI ID AMDI000B (bsc#1243112).\n- platform/x86/amd: pmc: Drop SMU F/W match for Cezanne (bsc#1243112).\n- platform/x86/amd: pmc: Use guard(mutex) (bsc#1243112).\n- powerpc/boot: Fix build with gcc 15 (bsc#1215199).\n- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)\n- proc: fix type confusion in pde_set_flags() (bsc#1248630)\n- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).\n- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).\n- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).\n- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).\n- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).\n- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).\n- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).\n- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).\n- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).\n- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).\n- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).\n- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).\n- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).\n- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).\n- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).\n- scsi: lpfc: use min() to improve code (bsc#1250519).\n- serial: sc16is7xx: rename Kconfig CONFIG_SERIAL_SC16IS7XX_CORE (bsc#1252469)\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).\n- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).\n- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).\n- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).\n- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).\n- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).\n- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).\n- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4141,SUSE-SLE-Module-Live-Patching-15-SP7-2025-4141,SUSE-SLE-Module-RT-15-SP7-2025-4141",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4141-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4141-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254141-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4141-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023304.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1194869",
"url": "https://bugzilla.suse.com/1194869"
},
{
"category": "self",
"summary": "SUSE Bug 1213061",
"url": "https://bugzilla.suse.com/1213061"
},
{
"category": "self",
"summary": "SUSE Bug 1213666",
"url": "https://bugzilla.suse.com/1213666"
},
{
"category": "self",
"summary": "SUSE Bug 1214073",
"url": "https://bugzilla.suse.com/1214073"
},
{
"category": "self",
"summary": "SUSE Bug 1214928",
"url": "https://bugzilla.suse.com/1214928"
},
{
"category": "self",
"summary": "SUSE Bug 1214953",
"url": "https://bugzilla.suse.com/1214953"
},
{
"category": "self",
"summary": "SUSE Bug 1214954",
"url": "https://bugzilla.suse.com/1214954"
},
{
"category": "self",
"summary": "SUSE Bug 1215143",
"url": "https://bugzilla.suse.com/1215143"
},
{
"category": "self",
"summary": "SUSE Bug 1215150",
"url": "https://bugzilla.suse.com/1215150"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1215696",
"url": "https://bugzilla.suse.com/1215696"
},
{
"category": "self",
"summary": "SUSE Bug 1216396",
"url": "https://bugzilla.suse.com/1216396"
},
{
"category": "self",
"summary": "SUSE Bug 1216436",
"url": "https://bugzilla.suse.com/1216436"
},
{
"category": "self",
"summary": "SUSE Bug 1216976",
"url": "https://bugzilla.suse.com/1216976"
},
{
"category": "self",
"summary": "SUSE Bug 1220186",
"url": "https://bugzilla.suse.com/1220186"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1229165",
"url": "https://bugzilla.suse.com/1229165"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1243100",
"url": "https://bugzilla.suse.com/1243100"
},
{
"category": "self",
"summary": "SUSE Bug 1243112",
"url": "https://bugzilla.suse.com/1243112"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1245193",
"url": "https://bugzilla.suse.com/1245193"
},
{
"category": "self",
"summary": "SUSE Bug 1245260",
"url": "https://bugzilla.suse.com/1245260"
},
{
"category": "self",
"summary": "SUSE Bug 1246125",
"url": "https://bugzilla.suse.com/1246125"
},
{
"category": "self",
"summary": "SUSE Bug 1247118",
"url": "https://bugzilla.suse.com/1247118"
},
{
"category": "self",
"summary": "SUSE Bug 1247222",
"url": "https://bugzilla.suse.com/1247222"
},
{
"category": "self",
"summary": "SUSE Bug 1247500",
"url": "https://bugzilla.suse.com/1247500"
},
{
"category": "self",
"summary": "SUSE Bug 1247683",
"url": "https://bugzilla.suse.com/1247683"
},
{
"category": "self",
"summary": "SUSE Bug 1248111",
"url": "https://bugzilla.suse.com/1248111"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248517",
"url": "https://bugzilla.suse.com/1248517"
},
{
"category": "self",
"summary": "SUSE Bug 1248630",
"url": "https://bugzilla.suse.com/1248630"
},
{
"category": "self",
"summary": "SUSE Bug 1248735",
"url": "https://bugzilla.suse.com/1248735"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248847",
"url": "https://bugzilla.suse.com/1248847"
},
{
"category": "self",
"summary": "SUSE Bug 1248886",
"url": "https://bugzilla.suse.com/1248886"
},
{
"category": "self",
"summary": "SUSE Bug 1249123",
"url": "https://bugzilla.suse.com/1249123"
},
{
"category": "self",
"summary": "SUSE Bug 1249159",
"url": "https://bugzilla.suse.com/1249159"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249164",
"url": "https://bugzilla.suse.com/1249164"
},
{
"category": "self",
"summary": "SUSE Bug 1249166",
"url": "https://bugzilla.suse.com/1249166"
},
{
"category": "self",
"summary": "SUSE Bug 1249169",
"url": "https://bugzilla.suse.com/1249169"
},
{
"category": "self",
"summary": "SUSE Bug 1249170",
"url": "https://bugzilla.suse.com/1249170"
},
{
"category": "self",
"summary": "SUSE Bug 1249177",
"url": "https://bugzilla.suse.com/1249177"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249190",
"url": "https://bugzilla.suse.com/1249190"
},
{
"category": "self",
"summary": "SUSE Bug 1249194",
"url": "https://bugzilla.suse.com/1249194"
},
{
"category": "self",
"summary": "SUSE Bug 1249195",
"url": "https://bugzilla.suse.com/1249195"
},
{
"category": "self",
"summary": "SUSE Bug 1249196",
"url": "https://bugzilla.suse.com/1249196"
},
{
"category": "self",
"summary": "SUSE Bug 1249200",
"url": "https://bugzilla.suse.com/1249200"
},
{
"category": "self",
"summary": "SUSE Bug 1249203",
"url": "https://bugzilla.suse.com/1249203"
},
{
"category": "self",
"summary": "SUSE Bug 1249204",
"url": "https://bugzilla.suse.com/1249204"
},
{
"category": "self",
"summary": "SUSE Bug 1249215",
"url": "https://bugzilla.suse.com/1249215"
},
{
"category": "self",
"summary": "SUSE Bug 1249220",
"url": "https://bugzilla.suse.com/1249220"
},
{
"category": "self",
"summary": "SUSE Bug 1249221",
"url": "https://bugzilla.suse.com/1249221"
},
{
"category": "self",
"summary": "SUSE Bug 1249224",
"url": "https://bugzilla.suse.com/1249224"
},
{
"category": "self",
"summary": "SUSE Bug 1249254",
"url": "https://bugzilla.suse.com/1249254"
},
{
"category": "self",
"summary": "SUSE Bug 1249255",
"url": "https://bugzilla.suse.com/1249255"
},
{
"category": "self",
"summary": "SUSE Bug 1249257",
"url": "https://bugzilla.suse.com/1249257"
},
{
"category": "self",
"summary": "SUSE Bug 1249260",
"url": "https://bugzilla.suse.com/1249260"
},
{
"category": "self",
"summary": "SUSE Bug 1249263",
"url": "https://bugzilla.suse.com/1249263"
},
{
"category": "self",
"summary": "SUSE Bug 1249265",
"url": "https://bugzilla.suse.com/1249265"
},
{
"category": "self",
"summary": "SUSE Bug 1249266",
"url": "https://bugzilla.suse.com/1249266"
},
{
"category": "self",
"summary": "SUSE Bug 1249271",
"url": "https://bugzilla.suse.com/1249271"
},
{
"category": "self",
"summary": "SUSE Bug 1249272",
"url": "https://bugzilla.suse.com/1249272"
},
{
"category": "self",
"summary": "SUSE Bug 1249273",
"url": "https://bugzilla.suse.com/1249273"
},
{
"category": "self",
"summary": "SUSE Bug 1249278",
"url": "https://bugzilla.suse.com/1249278"
},
{
"category": "self",
"summary": "SUSE Bug 1249279",
"url": "https://bugzilla.suse.com/1249279"
},
{
"category": "self",
"summary": "SUSE Bug 1249281",
"url": "https://bugzilla.suse.com/1249281"
},
{
"category": "self",
"summary": "SUSE Bug 1249282",
"url": "https://bugzilla.suse.com/1249282"
},
{
"category": "self",
"summary": "SUSE Bug 1249285",
"url": "https://bugzilla.suse.com/1249285"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249288",
"url": "https://bugzilla.suse.com/1249288"
},
{
"category": "self",
"summary": "SUSE Bug 1249292",
"url": "https://bugzilla.suse.com/1249292"
},
{
"category": "self",
"summary": "SUSE Bug 1249296",
"url": "https://bugzilla.suse.com/1249296"
},
{
"category": "self",
"summary": "SUSE Bug 1249299",
"url": "https://bugzilla.suse.com/1249299"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249304",
"url": "https://bugzilla.suse.com/1249304"
},
{
"category": "self",
"summary": "SUSE Bug 1249308",
"url": "https://bugzilla.suse.com/1249308"
},
{
"category": "self",
"summary": "SUSE Bug 1249312",
"url": "https://bugzilla.suse.com/1249312"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249318",
"url": "https://bugzilla.suse.com/1249318"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249321",
"url": "https://bugzilla.suse.com/1249321"
},
{
"category": "self",
"summary": "SUSE Bug 1249323",
"url": "https://bugzilla.suse.com/1249323"
},
{
"category": "self",
"summary": "SUSE Bug 1249324",
"url": "https://bugzilla.suse.com/1249324"
},
{
"category": "self",
"summary": "SUSE Bug 1249338",
"url": "https://bugzilla.suse.com/1249338"
},
{
"category": "self",
"summary": "SUSE Bug 1249397",
"url": "https://bugzilla.suse.com/1249397"
},
{
"category": "self",
"summary": "SUSE Bug 1249413",
"url": "https://bugzilla.suse.com/1249413"
},
{
"category": "self",
"summary": "SUSE Bug 1249479",
"url": "https://bugzilla.suse.com/1249479"
},
{
"category": "self",
"summary": "SUSE Bug 1249486",
"url": "https://bugzilla.suse.com/1249486"
},
{
"category": "self",
"summary": "SUSE Bug 1249489",
"url": "https://bugzilla.suse.com/1249489"
},
{
"category": "self",
"summary": "SUSE Bug 1249490",
"url": "https://bugzilla.suse.com/1249490"
},
{
"category": "self",
"summary": "SUSE Bug 1249506",
"url": "https://bugzilla.suse.com/1249506"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249515",
"url": "https://bugzilla.suse.com/1249515"
},
{
"category": "self",
"summary": "SUSE Bug 1249522",
"url": "https://bugzilla.suse.com/1249522"
},
{
"category": "self",
"summary": "SUSE Bug 1249523",
"url": "https://bugzilla.suse.com/1249523"
},
{
"category": "self",
"summary": "SUSE Bug 1249538",
"url": "https://bugzilla.suse.com/1249538"
},
{
"category": "self",
"summary": "SUSE Bug 1249542",
"url": "https://bugzilla.suse.com/1249542"
},
{
"category": "self",
"summary": "SUSE Bug 1249548",
"url": "https://bugzilla.suse.com/1249548"
},
{
"category": "self",
"summary": "SUSE Bug 1249554",
"url": "https://bugzilla.suse.com/1249554"
},
{
"category": "self",
"summary": "SUSE Bug 1249595",
"url": "https://bugzilla.suse.com/1249595"
},
{
"category": "self",
"summary": "SUSE Bug 1249598",
"url": "https://bugzilla.suse.com/1249598"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1249615",
"url": "https://bugzilla.suse.com/1249615"
},
{
"category": "self",
"summary": "SUSE Bug 1249640",
"url": "https://bugzilla.suse.com/1249640"
},
{
"category": "self",
"summary": "SUSE Bug 1249641",
"url": "https://bugzilla.suse.com/1249641"
},
{
"category": "self",
"summary": "SUSE Bug 1249642",
"url": "https://bugzilla.suse.com/1249642"
},
{
"category": "self",
"summary": "SUSE Bug 1249658",
"url": "https://bugzilla.suse.com/1249658"
},
{
"category": "self",
"summary": "SUSE Bug 1249662",
"url": "https://bugzilla.suse.com/1249662"
},
{
"category": "self",
"summary": "SUSE Bug 1249672",
"url": "https://bugzilla.suse.com/1249672"
},
{
"category": "self",
"summary": "SUSE Bug 1249673",
"url": "https://bugzilla.suse.com/1249673"
},
{
"category": "self",
"summary": "SUSE Bug 1249677",
"url": "https://bugzilla.suse.com/1249677"
},
{
"category": "self",
"summary": "SUSE Bug 1249678",
"url": "https://bugzilla.suse.com/1249678"
},
{
"category": "self",
"summary": "SUSE Bug 1249679",
"url": "https://bugzilla.suse.com/1249679"
},
{
"category": "self",
"summary": "SUSE Bug 1249682",
"url": "https://bugzilla.suse.com/1249682"
},
{
"category": "self",
"summary": "SUSE Bug 1249687",
"url": "https://bugzilla.suse.com/1249687"
},
{
"category": "self",
"summary": "SUSE Bug 1249698",
"url": "https://bugzilla.suse.com/1249698"
},
{
"category": "self",
"summary": "SUSE Bug 1249707",
"url": "https://bugzilla.suse.com/1249707"
},
{
"category": "self",
"summary": "SUSE Bug 1249712",
"url": "https://bugzilla.suse.com/1249712"
},
{
"category": "self",
"summary": "SUSE Bug 1249730",
"url": "https://bugzilla.suse.com/1249730"
},
{
"category": "self",
"summary": "SUSE Bug 1249735",
"url": "https://bugzilla.suse.com/1249735"
},
{
"category": "self",
"summary": "SUSE Bug 1249756",
"url": "https://bugzilla.suse.com/1249756"
},
{
"category": "self",
"summary": "SUSE Bug 1249758",
"url": "https://bugzilla.suse.com/1249758"
},
{
"category": "self",
"summary": "SUSE Bug 1249761",
"url": "https://bugzilla.suse.com/1249761"
},
{
"category": "self",
"summary": "SUSE Bug 1249762",
"url": "https://bugzilla.suse.com/1249762"
},
{
"category": "self",
"summary": "SUSE Bug 1249768",
"url": "https://bugzilla.suse.com/1249768"
},
{
"category": "self",
"summary": "SUSE Bug 1249774",
"url": "https://bugzilla.suse.com/1249774"
},
{
"category": "self",
"summary": "SUSE Bug 1249779",
"url": "https://bugzilla.suse.com/1249779"
},
{
"category": "self",
"summary": "SUSE Bug 1249780",
"url": "https://bugzilla.suse.com/1249780"
},
{
"category": "self",
"summary": "SUSE Bug 1249785",
"url": "https://bugzilla.suse.com/1249785"
},
{
"category": "self",
"summary": "SUSE Bug 1249787",
"url": "https://bugzilla.suse.com/1249787"
},
{
"category": "self",
"summary": "SUSE Bug 1249795",
"url": "https://bugzilla.suse.com/1249795"
},
{
"category": "self",
"summary": "SUSE Bug 1249815",
"url": "https://bugzilla.suse.com/1249815"
},
{
"category": "self",
"summary": "SUSE Bug 1249820",
"url": "https://bugzilla.suse.com/1249820"
},
{
"category": "self",
"summary": "SUSE Bug 1249823",
"url": "https://bugzilla.suse.com/1249823"
},
{
"category": "self",
"summary": "SUSE Bug 1249824",
"url": "https://bugzilla.suse.com/1249824"
},
{
"category": "self",
"summary": "SUSE Bug 1249825",
"url": "https://bugzilla.suse.com/1249825"
},
{
"category": "self",
"summary": "SUSE Bug 1249826",
"url": "https://bugzilla.suse.com/1249826"
},
{
"category": "self",
"summary": "SUSE Bug 1249833",
"url": "https://bugzilla.suse.com/1249833"
},
{
"category": "self",
"summary": "SUSE Bug 1249842",
"url": "https://bugzilla.suse.com/1249842"
},
{
"category": "self",
"summary": "SUSE Bug 1249845",
"url": "https://bugzilla.suse.com/1249845"
},
{
"category": "self",
"summary": "SUSE Bug 1249849",
"url": "https://bugzilla.suse.com/1249849"
},
{
"category": "self",
"summary": "SUSE Bug 1249850",
"url": "https://bugzilla.suse.com/1249850"
},
{
"category": "self",
"summary": "SUSE Bug 1249853",
"url": "https://bugzilla.suse.com/1249853"
},
{
"category": "self",
"summary": "SUSE Bug 1249856",
"url": "https://bugzilla.suse.com/1249856"
},
{
"category": "self",
"summary": "SUSE Bug 1249861",
"url": "https://bugzilla.suse.com/1249861"
},
{
"category": "self",
"summary": "SUSE Bug 1249863",
"url": "https://bugzilla.suse.com/1249863"
},
{
"category": "self",
"summary": "SUSE Bug 1249864",
"url": "https://bugzilla.suse.com/1249864"
},
{
"category": "self",
"summary": "SUSE Bug 1249865",
"url": "https://bugzilla.suse.com/1249865"
},
{
"category": "self",
"summary": "SUSE Bug 1249866",
"url": "https://bugzilla.suse.com/1249866"
},
{
"category": "self",
"summary": "SUSE Bug 1249869",
"url": "https://bugzilla.suse.com/1249869"
},
{
"category": "self",
"summary": "SUSE Bug 1249870",
"url": "https://bugzilla.suse.com/1249870"
},
{
"category": "self",
"summary": "SUSE Bug 1249880",
"url": "https://bugzilla.suse.com/1249880"
},
{
"category": "self",
"summary": "SUSE Bug 1249883",
"url": "https://bugzilla.suse.com/1249883"
},
{
"category": "self",
"summary": "SUSE Bug 1249888",
"url": "https://bugzilla.suse.com/1249888"
},
{
"category": "self",
"summary": "SUSE Bug 1249894",
"url": "https://bugzilla.suse.com/1249894"
},
{
"category": "self",
"summary": "SUSE Bug 1249896",
"url": "https://bugzilla.suse.com/1249896"
},
{
"category": "self",
"summary": "SUSE Bug 1249897",
"url": "https://bugzilla.suse.com/1249897"
},
{
"category": "self",
"summary": "SUSE Bug 1249901",
"url": "https://bugzilla.suse.com/1249901"
},
{
"category": "self",
"summary": "SUSE Bug 1249911",
"url": "https://bugzilla.suse.com/1249911"
},
{
"category": "self",
"summary": "SUSE Bug 1249917",
"url": "https://bugzilla.suse.com/1249917"
},
{
"category": "self",
"summary": "SUSE Bug 1249919",
"url": "https://bugzilla.suse.com/1249919"
},
{
"category": "self",
"summary": "SUSE Bug 1249923",
"url": "https://bugzilla.suse.com/1249923"
},
{
"category": "self",
"summary": "SUSE Bug 1249926",
"url": "https://bugzilla.suse.com/1249926"
},
{
"category": "self",
"summary": "SUSE Bug 1249938",
"url": "https://bugzilla.suse.com/1249938"
},
{
"category": "self",
"summary": "SUSE Bug 1249949",
"url": "https://bugzilla.suse.com/1249949"
},
{
"category": "self",
"summary": "SUSE Bug 1249950",
"url": "https://bugzilla.suse.com/1249950"
},
{
"category": "self",
"summary": "SUSE Bug 1249952",
"url": "https://bugzilla.suse.com/1249952"
},
{
"category": "self",
"summary": "SUSE Bug 1249975",
"url": "https://bugzilla.suse.com/1249975"
},
{
"category": "self",
"summary": "SUSE Bug 1249979",
"url": "https://bugzilla.suse.com/1249979"
},
{
"category": "self",
"summary": "SUSE Bug 1249984",
"url": "https://bugzilla.suse.com/1249984"
},
{
"category": "self",
"summary": "SUSE Bug 1249988",
"url": "https://bugzilla.suse.com/1249988"
},
{
"category": "self",
"summary": "SUSE Bug 1249990",
"url": "https://bugzilla.suse.com/1249990"
},
{
"category": "self",
"summary": "SUSE Bug 1249993",
"url": "https://bugzilla.suse.com/1249993"
},
{
"category": "self",
"summary": "SUSE Bug 1249994",
"url": "https://bugzilla.suse.com/1249994"
},
{
"category": "self",
"summary": "SUSE Bug 1249997",
"url": "https://bugzilla.suse.com/1249997"
},
{
"category": "self",
"summary": "SUSE Bug 1250004",
"url": "https://bugzilla.suse.com/1250004"
},
{
"category": "self",
"summary": "SUSE Bug 1250006",
"url": "https://bugzilla.suse.com/1250006"
},
{
"category": "self",
"summary": "SUSE Bug 1250007",
"url": "https://bugzilla.suse.com/1250007"
},
{
"category": "self",
"summary": "SUSE Bug 1250012",
"url": "https://bugzilla.suse.com/1250012"
},
{
"category": "self",
"summary": "SUSE Bug 1250022",
"url": "https://bugzilla.suse.com/1250022"
},
{
"category": "self",
"summary": "SUSE Bug 1250024",
"url": "https://bugzilla.suse.com/1250024"
},
{
"category": "self",
"summary": "SUSE Bug 1250028",
"url": "https://bugzilla.suse.com/1250028"
},
{
"category": "self",
"summary": "SUSE Bug 1250029",
"url": "https://bugzilla.suse.com/1250029"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250035",
"url": "https://bugzilla.suse.com/1250035"
},
{
"category": "self",
"summary": "SUSE Bug 1250049",
"url": "https://bugzilla.suse.com/1250049"
},
{
"category": "self",
"summary": "SUSE Bug 1250055",
"url": "https://bugzilla.suse.com/1250055"
},
{
"category": "self",
"summary": "SUSE Bug 1250058",
"url": "https://bugzilla.suse.com/1250058"
},
{
"category": "self",
"summary": "SUSE Bug 1250062",
"url": "https://bugzilla.suse.com/1250062"
},
{
"category": "self",
"summary": "SUSE Bug 1250063",
"url": "https://bugzilla.suse.com/1250063"
},
{
"category": "self",
"summary": "SUSE Bug 1250065",
"url": "https://bugzilla.suse.com/1250065"
},
{
"category": "self",
"summary": "SUSE Bug 1250066",
"url": "https://bugzilla.suse.com/1250066"
},
{
"category": "self",
"summary": "SUSE Bug 1250067",
"url": "https://bugzilla.suse.com/1250067"
},
{
"category": "self",
"summary": "SUSE Bug 1250069",
"url": "https://bugzilla.suse.com/1250069"
},
{
"category": "self",
"summary": "SUSE Bug 1250070",
"url": "https://bugzilla.suse.com/1250070"
},
{
"category": "self",
"summary": "SUSE Bug 1250073",
"url": "https://bugzilla.suse.com/1250073"
},
{
"category": "self",
"summary": "SUSE Bug 1250074",
"url": "https://bugzilla.suse.com/1250074"
},
{
"category": "self",
"summary": "SUSE Bug 1250088",
"url": "https://bugzilla.suse.com/1250088"
},
{
"category": "self",
"summary": "SUSE Bug 1250089",
"url": "https://bugzilla.suse.com/1250089"
},
{
"category": "self",
"summary": "SUSE Bug 1250106",
"url": "https://bugzilla.suse.com/1250106"
},
{
"category": "self",
"summary": "SUSE Bug 1250112",
"url": "https://bugzilla.suse.com/1250112"
},
{
"category": "self",
"summary": "SUSE Bug 1250117",
"url": "https://bugzilla.suse.com/1250117"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250120",
"url": "https://bugzilla.suse.com/1250120"
},
{
"category": "self",
"summary": "SUSE Bug 1250125",
"url": "https://bugzilla.suse.com/1250125"
},
{
"category": "self",
"summary": "SUSE Bug 1250127",
"url": "https://bugzilla.suse.com/1250127"
},
{
"category": "self",
"summary": "SUSE Bug 1250128",
"url": "https://bugzilla.suse.com/1250128"
},
{
"category": "self",
"summary": "SUSE Bug 1250145",
"url": "https://bugzilla.suse.com/1250145"
},
{
"category": "self",
"summary": "SUSE Bug 1250150",
"url": "https://bugzilla.suse.com/1250150"
},
{
"category": "self",
"summary": "SUSE Bug 1250156",
"url": "https://bugzilla.suse.com/1250156"
},
{
"category": "self",
"summary": "SUSE Bug 1250157",
"url": "https://bugzilla.suse.com/1250157"
},
{
"category": "self",
"summary": "SUSE Bug 1250161",
"url": "https://bugzilla.suse.com/1250161"
},
{
"category": "self",
"summary": "SUSE Bug 1250163",
"url": "https://bugzilla.suse.com/1250163"
},
{
"category": "self",
"summary": "SUSE Bug 1250166",
"url": "https://bugzilla.suse.com/1250166"
},
{
"category": "self",
"summary": "SUSE Bug 1250167",
"url": "https://bugzilla.suse.com/1250167"
},
{
"category": "self",
"summary": "SUSE Bug 1250169",
"url": "https://bugzilla.suse.com/1250169"
},
{
"category": "self",
"summary": "SUSE Bug 1250171",
"url": "https://bugzilla.suse.com/1250171"
},
{
"category": "self",
"summary": "SUSE Bug 1250177",
"url": "https://bugzilla.suse.com/1250177"
},
{
"category": "self",
"summary": "SUSE Bug 1250180",
"url": "https://bugzilla.suse.com/1250180"
},
{
"category": "self",
"summary": "SUSE Bug 1250186",
"url": "https://bugzilla.suse.com/1250186"
},
{
"category": "self",
"summary": "SUSE Bug 1250196",
"url": "https://bugzilla.suse.com/1250196"
},
{
"category": "self",
"summary": "SUSE Bug 1250198",
"url": "https://bugzilla.suse.com/1250198"
},
{
"category": "self",
"summary": "SUSE Bug 1250199",
"url": "https://bugzilla.suse.com/1250199"
},
{
"category": "self",
"summary": "SUSE Bug 1250201",
"url": "https://bugzilla.suse.com/1250201"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250203",
"url": "https://bugzilla.suse.com/1250203"
},
{
"category": "self",
"summary": "SUSE Bug 1250204",
"url": "https://bugzilla.suse.com/1250204"
},
{
"category": "self",
"summary": "SUSE Bug 1250205",
"url": "https://bugzilla.suse.com/1250205"
},
{
"category": "self",
"summary": "SUSE Bug 1250206",
"url": "https://bugzilla.suse.com/1250206"
},
{
"category": "self",
"summary": "SUSE Bug 1250208",
"url": "https://bugzilla.suse.com/1250208"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250241",
"url": "https://bugzilla.suse.com/1250241"
},
{
"category": "self",
"summary": "SUSE Bug 1250242",
"url": "https://bugzilla.suse.com/1250242"
},
{
"category": "self",
"summary": "SUSE Bug 1250243",
"url": "https://bugzilla.suse.com/1250243"
},
{
"category": "self",
"summary": "SUSE Bug 1250247",
"url": "https://bugzilla.suse.com/1250247"
},
{
"category": "self",
"summary": "SUSE Bug 1250249",
"url": "https://bugzilla.suse.com/1250249"
},
{
"category": "self",
"summary": "SUSE Bug 1250262",
"url": "https://bugzilla.suse.com/1250262"
},
{
"category": "self",
"summary": "SUSE Bug 1250263",
"url": "https://bugzilla.suse.com/1250263"
},
{
"category": "self",
"summary": "SUSE Bug 1250266",
"url": "https://bugzilla.suse.com/1250266"
},
{
"category": "self",
"summary": "SUSE Bug 1250268",
"url": "https://bugzilla.suse.com/1250268"
},
{
"category": "self",
"summary": "SUSE Bug 1250274",
"url": "https://bugzilla.suse.com/1250274"
},
{
"category": "self",
"summary": "SUSE Bug 1250275",
"url": "https://bugzilla.suse.com/1250275"
},
{
"category": "self",
"summary": "SUSE Bug 1250276",
"url": "https://bugzilla.suse.com/1250276"
},
{
"category": "self",
"summary": "SUSE Bug 1250281",
"url": "https://bugzilla.suse.com/1250281"
},
{
"category": "self",
"summary": "SUSE Bug 1250290",
"url": "https://bugzilla.suse.com/1250290"
},
{
"category": "self",
"summary": "SUSE Bug 1250291",
"url": "https://bugzilla.suse.com/1250291"
},
{
"category": "self",
"summary": "SUSE Bug 1250292",
"url": "https://bugzilla.suse.com/1250292"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250297",
"url": "https://bugzilla.suse.com/1250297"
},
{
"category": "self",
"summary": "SUSE Bug 1250298",
"url": "https://bugzilla.suse.com/1250298"
},
{
"category": "self",
"summary": "SUSE Bug 1250313",
"url": "https://bugzilla.suse.com/1250313"
},
{
"category": "self",
"summary": "SUSE Bug 1250319",
"url": "https://bugzilla.suse.com/1250319"
},
{
"category": "self",
"summary": "SUSE Bug 1250323",
"url": "https://bugzilla.suse.com/1250323"
},
{
"category": "self",
"summary": "SUSE Bug 1250325",
"url": "https://bugzilla.suse.com/1250325"
},
{
"category": "self",
"summary": "SUSE Bug 1250329",
"url": "https://bugzilla.suse.com/1250329"
},
{
"category": "self",
"summary": "SUSE Bug 1250337",
"url": "https://bugzilla.suse.com/1250337"
},
{
"category": "self",
"summary": "SUSE Bug 1250358",
"url": "https://bugzilla.suse.com/1250358"
},
{
"category": "self",
"summary": "SUSE Bug 1250371",
"url": "https://bugzilla.suse.com/1250371"
},
{
"category": "self",
"summary": "SUSE Bug 1250377",
"url": "https://bugzilla.suse.com/1250377"
},
{
"category": "self",
"summary": "SUSE Bug 1250379",
"url": "https://bugzilla.suse.com/1250379"
},
{
"category": "self",
"summary": "SUSE Bug 1250384",
"url": "https://bugzilla.suse.com/1250384"
},
{
"category": "self",
"summary": "SUSE Bug 1250389",
"url": "https://bugzilla.suse.com/1250389"
},
{
"category": "self",
"summary": "SUSE Bug 1250395",
"url": "https://bugzilla.suse.com/1250395"
},
{
"category": "self",
"summary": "SUSE Bug 1250397",
"url": "https://bugzilla.suse.com/1250397"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250402",
"url": "https://bugzilla.suse.com/1250402"
},
{
"category": "self",
"summary": "SUSE Bug 1250406",
"url": "https://bugzilla.suse.com/1250406"
},
{
"category": "self",
"summary": "SUSE Bug 1250426",
"url": "https://bugzilla.suse.com/1250426"
},
{
"category": "self",
"summary": "SUSE Bug 1250450",
"url": "https://bugzilla.suse.com/1250450"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250459",
"url": "https://bugzilla.suse.com/1250459"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250712",
"url": "https://bugzilla.suse.com/1250712"
},
{
"category": "self",
"summary": "SUSE Bug 1250713",
"url": "https://bugzilla.suse.com/1250713"
},
{
"category": "self",
"summary": "SUSE Bug 1250721",
"url": "https://bugzilla.suse.com/1250721"
},
{
"category": "self",
"summary": "SUSE Bug 1250732",
"url": "https://bugzilla.suse.com/1250732"
},
{
"category": "self",
"summary": "SUSE Bug 1250736",
"url": "https://bugzilla.suse.com/1250736"
},
{
"category": "self",
"summary": "SUSE Bug 1250741",
"url": "https://bugzilla.suse.com/1250741"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250758",
"url": "https://bugzilla.suse.com/1250758"
},
{
"category": "self",
"summary": "SUSE Bug 1250759",
"url": "https://bugzilla.suse.com/1250759"
},
{
"category": "self",
"summary": "SUSE Bug 1250763",
"url": "https://bugzilla.suse.com/1250763"
},
{
"category": "self",
"summary": "SUSE Bug 1250765",
"url": "https://bugzilla.suse.com/1250765"
},
{
"category": "self",
"summary": "SUSE Bug 1250807",
"url": "https://bugzilla.suse.com/1250807"
},
{
"category": "self",
"summary": "SUSE Bug 1250808",
"url": "https://bugzilla.suse.com/1250808"
},
{
"category": "self",
"summary": "SUSE Bug 1250809",
"url": "https://bugzilla.suse.com/1250809"
},
{
"category": "self",
"summary": "SUSE Bug 1250812",
"url": "https://bugzilla.suse.com/1250812"
},
{
"category": "self",
"summary": "SUSE Bug 1250813",
"url": "https://bugzilla.suse.com/1250813"
},
{
"category": "self",
"summary": "SUSE Bug 1250815",
"url": "https://bugzilla.suse.com/1250815"
},
{
"category": "self",
"summary": "SUSE Bug 1250816",
"url": "https://bugzilla.suse.com/1250816"
},
{
"category": "self",
"summary": "SUSE Bug 1250820",
"url": "https://bugzilla.suse.com/1250820"
},
{
"category": "self",
"summary": "SUSE Bug 1250823",
"url": "https://bugzilla.suse.com/1250823"
},
{
"category": "self",
"summary": "SUSE Bug 1250825",
"url": "https://bugzilla.suse.com/1250825"
},
{
"category": "self",
"summary": "SUSE Bug 1250827",
"url": "https://bugzilla.suse.com/1250827"
},
{
"category": "self",
"summary": "SUSE Bug 1250830",
"url": "https://bugzilla.suse.com/1250830"
},
{
"category": "self",
"summary": "SUSE Bug 1250831",
"url": "https://bugzilla.suse.com/1250831"
},
{
"category": "self",
"summary": "SUSE Bug 1250837",
"url": "https://bugzilla.suse.com/1250837"
},
{
"category": "self",
"summary": "SUSE Bug 1250841",
"url": "https://bugzilla.suse.com/1250841"
},
{
"category": "self",
"summary": "SUSE Bug 1250861",
"url": "https://bugzilla.suse.com/1250861"
},
{
"category": "self",
"summary": "SUSE Bug 1250863",
"url": "https://bugzilla.suse.com/1250863"
},
{
"category": "self",
"summary": "SUSE Bug 1250867",
"url": "https://bugzilla.suse.com/1250867"
},
{
"category": "self",
"summary": "SUSE Bug 1250872",
"url": "https://bugzilla.suse.com/1250872"
},
{
"category": "self",
"summary": "SUSE Bug 1250873",
"url": "https://bugzilla.suse.com/1250873"
},
{
"category": "self",
"summary": "SUSE Bug 1250878",
"url": "https://bugzilla.suse.com/1250878"
},
{
"category": "self",
"summary": "SUSE Bug 1250905",
"url": "https://bugzilla.suse.com/1250905"
},
{
"category": "self",
"summary": "SUSE Bug 1250907",
"url": "https://bugzilla.suse.com/1250907"
},
{
"category": "self",
"summary": "SUSE Bug 1250917",
"url": "https://bugzilla.suse.com/1250917"
},
{
"category": "self",
"summary": "SUSE Bug 1250918",
"url": "https://bugzilla.suse.com/1250918"
},
{
"category": "self",
"summary": "SUSE Bug 1250923",
"url": "https://bugzilla.suse.com/1250923"
},
{
"category": "self",
"summary": "SUSE Bug 1250926",
"url": "https://bugzilla.suse.com/1250926"
},
{
"category": "self",
"summary": "SUSE Bug 1250928",
"url": "https://bugzilla.suse.com/1250928"
},
{
"category": "self",
"summary": "SUSE Bug 1250929",
"url": "https://bugzilla.suse.com/1250929"
},
{
"category": "self",
"summary": "SUSE Bug 1250930",
"url": "https://bugzilla.suse.com/1250930"
},
{
"category": "self",
"summary": "SUSE Bug 1250931",
"url": "https://bugzilla.suse.com/1250931"
},
{
"category": "self",
"summary": "SUSE Bug 1250941",
"url": "https://bugzilla.suse.com/1250941"
},
{
"category": "self",
"summary": "SUSE Bug 1250942",
"url": "https://bugzilla.suse.com/1250942"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1250949",
"url": "https://bugzilla.suse.com/1250949"
},
{
"category": "self",
"summary": "SUSE Bug 1250957",
"url": "https://bugzilla.suse.com/1250957"
},
{
"category": "self",
"summary": "SUSE Bug 1250964",
"url": "https://bugzilla.suse.com/1250964"
},
{
"category": "self",
"summary": "SUSE Bug 1251024",
"url": "https://bugzilla.suse.com/1251024"
},
{
"category": "self",
"summary": "SUSE Bug 1251027",
"url": "https://bugzilla.suse.com/1251027"
},
{
"category": "self",
"summary": "SUSE Bug 1251028",
"url": "https://bugzilla.suse.com/1251028"
},
{
"category": "self",
"summary": "SUSE Bug 1251031",
"url": "https://bugzilla.suse.com/1251031"
},
{
"category": "self",
"summary": "SUSE Bug 1251035",
"url": "https://bugzilla.suse.com/1251035"
},
{
"category": "self",
"summary": "SUSE Bug 1251038",
"url": "https://bugzilla.suse.com/1251038"
},
{
"category": "self",
"summary": "SUSE Bug 1251043",
"url": "https://bugzilla.suse.com/1251043"
},
{
"category": "self",
"summary": "SUSE Bug 1251045",
"url": "https://bugzilla.suse.com/1251045"
},
{
"category": "self",
"summary": "SUSE Bug 1251052",
"url": "https://bugzilla.suse.com/1251052"
},
{
"category": "self",
"summary": "SUSE Bug 1251053",
"url": "https://bugzilla.suse.com/1251053"
},
{
"category": "self",
"summary": "SUSE Bug 1251054",
"url": "https://bugzilla.suse.com/1251054"
},
{
"category": "self",
"summary": "SUSE Bug 1251056",
"url": "https://bugzilla.suse.com/1251056"
},
{
"category": "self",
"summary": "SUSE Bug 1251057",
"url": "https://bugzilla.suse.com/1251057"
},
{
"category": "self",
"summary": "SUSE Bug 1251059",
"url": "https://bugzilla.suse.com/1251059"
},
{
"category": "self",
"summary": "SUSE Bug 1251060",
"url": "https://bugzilla.suse.com/1251060"
},
{
"category": "self",
"summary": "SUSE Bug 1251065",
"url": "https://bugzilla.suse.com/1251065"
},
{
"category": "self",
"summary": "SUSE Bug 1251066",
"url": "https://bugzilla.suse.com/1251066"
},
{
"category": "self",
"summary": "SUSE Bug 1251067",
"url": "https://bugzilla.suse.com/1251067"
},
{
"category": "self",
"summary": "SUSE Bug 1251068",
"url": "https://bugzilla.suse.com/1251068"
},
{
"category": "self",
"summary": "SUSE Bug 1251071",
"url": "https://bugzilla.suse.com/1251071"
},
{
"category": "self",
"summary": "SUSE Bug 1251076",
"url": "https://bugzilla.suse.com/1251076"
},
{
"category": "self",
"summary": "SUSE Bug 1251079",
"url": "https://bugzilla.suse.com/1251079"
},
{
"category": "self",
"summary": "SUSE Bug 1251081",
"url": "https://bugzilla.suse.com/1251081"
},
{
"category": "self",
"summary": "SUSE Bug 1251083",
"url": "https://bugzilla.suse.com/1251083"
},
{
"category": "self",
"summary": "SUSE Bug 1251084",
"url": "https://bugzilla.suse.com/1251084"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251105",
"url": "https://bugzilla.suse.com/1251105"
},
{
"category": "self",
"summary": "SUSE Bug 1251106",
"url": "https://bugzilla.suse.com/1251106"
},
{
"category": "self",
"summary": "SUSE Bug 1251108",
"url": "https://bugzilla.suse.com/1251108"
},
{
"category": "self",
"summary": "SUSE Bug 1251113",
"url": "https://bugzilla.suse.com/1251113"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251119",
"url": "https://bugzilla.suse.com/1251119"
},
{
"category": "self",
"summary": "SUSE Bug 1251123",
"url": "https://bugzilla.suse.com/1251123"
},
{
"category": "self",
"summary": "SUSE Bug 1251126",
"url": "https://bugzilla.suse.com/1251126"
},
{
"category": "self",
"summary": "SUSE Bug 1251132",
"url": "https://bugzilla.suse.com/1251132"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251150",
"url": "https://bugzilla.suse.com/1251150"
},
{
"category": "self",
"summary": "SUSE Bug 1251152",
"url": "https://bugzilla.suse.com/1251152"
},
{
"category": "self",
"summary": "SUSE Bug 1251153",
"url": "https://bugzilla.suse.com/1251153"
},
{
"category": "self",
"summary": "SUSE Bug 1251159",
"url": "https://bugzilla.suse.com/1251159"
},
{
"category": "self",
"summary": "SUSE Bug 1251161",
"url": "https://bugzilla.suse.com/1251161"
},
{
"category": "self",
"summary": "SUSE Bug 1251170",
"url": "https://bugzilla.suse.com/1251170"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251180",
"url": "https://bugzilla.suse.com/1251180"
},
{
"category": "self",
"summary": "SUSE Bug 1251206",
"url": "https://bugzilla.suse.com/1251206"
},
{
"category": "self",
"summary": "SUSE Bug 1251215",
"url": "https://bugzilla.suse.com/1251215"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251222",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251232",
"url": "https://bugzilla.suse.com/1251232"
},
{
"category": "self",
"summary": "SUSE Bug 1251233",
"url": "https://bugzilla.suse.com/1251233"
},
{
"category": "self",
"summary": "SUSE Bug 1251247",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "self",
"summary": "SUSE Bug 1251268",
"url": "https://bugzilla.suse.com/1251268"
},
{
"category": "self",
"summary": "SUSE Bug 1251269",
"url": "https://bugzilla.suse.com/1251269"
},
{
"category": "self",
"summary": "SUSE Bug 1251270",
"url": "https://bugzilla.suse.com/1251270"
},
{
"category": "self",
"summary": "SUSE Bug 1251282",
"url": "https://bugzilla.suse.com/1251282"
},
{
"category": "self",
"summary": "SUSE Bug 1251283",
"url": "https://bugzilla.suse.com/1251283"
},
{
"category": "self",
"summary": "SUSE Bug 1251286",
"url": "https://bugzilla.suse.com/1251286"
},
{
"category": "self",
"summary": "SUSE Bug 1251290",
"url": "https://bugzilla.suse.com/1251290"
},
{
"category": "self",
"summary": "SUSE Bug 1251319",
"url": "https://bugzilla.suse.com/1251319"
},
{
"category": "self",
"summary": "SUSE Bug 1251321",
"url": "https://bugzilla.suse.com/1251321"
},
{
"category": "self",
"summary": "SUSE Bug 1251323",
"url": "https://bugzilla.suse.com/1251323"
},
{
"category": "self",
"summary": "SUSE Bug 1251328",
"url": "https://bugzilla.suse.com/1251328"
},
{
"category": "self",
"summary": "SUSE Bug 1251529",
"url": "https://bugzilla.suse.com/1251529"
},
{
"category": "self",
"summary": "SUSE Bug 1251721",
"url": "https://bugzilla.suse.com/1251721"
},
{
"category": "self",
"summary": "SUSE Bug 1251732",
"url": "https://bugzilla.suse.com/1251732"
},
{
"category": "self",
"summary": "SUSE Bug 1251742",
"url": "https://bugzilla.suse.com/1251742"
},
{
"category": "self",
"summary": "SUSE Bug 1251743",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "self",
"summary": "SUSE Bug 1251746",
"url": "https://bugzilla.suse.com/1251746"
},
{
"category": "self",
"summary": "SUSE Bug 1251748",
"url": "https://bugzilla.suse.com/1251748"
},
{
"category": "self",
"summary": "SUSE Bug 1251749",
"url": "https://bugzilla.suse.com/1251749"
},
{
"category": "self",
"summary": "SUSE Bug 1251750",
"url": "https://bugzilla.suse.com/1251750"
},
{
"category": "self",
"summary": "SUSE Bug 1251754",
"url": "https://bugzilla.suse.com/1251754"
},
{
"category": "self",
"summary": "SUSE Bug 1251755",
"url": "https://bugzilla.suse.com/1251755"
},
{
"category": "self",
"summary": "SUSE Bug 1251756",
"url": "https://bugzilla.suse.com/1251756"
},
{
"category": "self",
"summary": "SUSE Bug 1251758",
"url": "https://bugzilla.suse.com/1251758"
},
{
"category": "self",
"summary": "SUSE Bug 1251759",
"url": "https://bugzilla.suse.com/1251759"
},
{
"category": "self",
"summary": "SUSE Bug 1251760",
"url": "https://bugzilla.suse.com/1251760"
},
{
"category": "self",
"summary": "SUSE Bug 1251762",
"url": "https://bugzilla.suse.com/1251762"
},
{
"category": "self",
"summary": "SUSE Bug 1251763",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "self",
"summary": "SUSE Bug 1251764",
"url": "https://bugzilla.suse.com/1251764"
},
{
"category": "self",
"summary": "SUSE Bug 1251769",
"url": "https://bugzilla.suse.com/1251769"
},
{
"category": "self",
"summary": "SUSE Bug 1251771",
"url": "https://bugzilla.suse.com/1251771"
},
{
"category": "self",
"summary": "SUSE Bug 1251772",
"url": "https://bugzilla.suse.com/1251772"
},
{
"category": "self",
"summary": "SUSE Bug 1251777",
"url": "https://bugzilla.suse.com/1251777"
},
{
"category": "self",
"summary": "SUSE Bug 1251780",
"url": "https://bugzilla.suse.com/1251780"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1251967",
"url": "https://bugzilla.suse.com/1251967"
},
{
"category": "self",
"summary": "SUSE Bug 1252033",
"url": "https://bugzilla.suse.com/1252033"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252044",
"url": "https://bugzilla.suse.com/1252044"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252060",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "self",
"summary": "SUSE Bug 1252062",
"url": "https://bugzilla.suse.com/1252062"
},
{
"category": "self",
"summary": "SUSE Bug 1252064",
"url": "https://bugzilla.suse.com/1252064"
},
{
"category": "self",
"summary": "SUSE Bug 1252065",
"url": "https://bugzilla.suse.com/1252065"
},
{
"category": "self",
"summary": "SUSE Bug 1252069",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "self",
"summary": "SUSE Bug 1252070",
"url": "https://bugzilla.suse.com/1252070"
},
{
"category": "self",
"summary": "SUSE Bug 1252072",
"url": "https://bugzilla.suse.com/1252072"
},
{
"category": "self",
"summary": "SUSE Bug 1252074",
"url": "https://bugzilla.suse.com/1252074"
},
{
"category": "self",
"summary": "SUSE Bug 1252075",
"url": "https://bugzilla.suse.com/1252075"
},
{
"category": "self",
"summary": "SUSE Bug 1252078",
"url": "https://bugzilla.suse.com/1252078"
},
{
"category": "self",
"summary": "SUSE Bug 1252079",
"url": "https://bugzilla.suse.com/1252079"
},
{
"category": "self",
"summary": "SUSE Bug 1252081",
"url": "https://bugzilla.suse.com/1252081"
},
{
"category": "self",
"summary": "SUSE Bug 1252082",
"url": "https://bugzilla.suse.com/1252082"
},
{
"category": "self",
"summary": "SUSE Bug 1252083",
"url": "https://bugzilla.suse.com/1252083"
},
{
"category": "self",
"summary": "SUSE Bug 1252236",
"url": "https://bugzilla.suse.com/1252236"
},
{
"category": "self",
"summary": "SUSE Bug 1252253",
"url": "https://bugzilla.suse.com/1252253"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252330",
"url": "https://bugzilla.suse.com/1252330"
},
{
"category": "self",
"summary": "SUSE Bug 1252332",
"url": "https://bugzilla.suse.com/1252332"
},
{
"category": "self",
"summary": "SUSE Bug 1252336",
"url": "https://bugzilla.suse.com/1252336"
},
{
"category": "self",
"summary": "SUSE Bug 1252346",
"url": "https://bugzilla.suse.com/1252346"
},
{
"category": "self",
"summary": "SUSE Bug 1252348",
"url": "https://bugzilla.suse.com/1252348"
},
{
"category": "self",
"summary": "SUSE Bug 1252349",
"url": "https://bugzilla.suse.com/1252349"
},
{
"category": "self",
"summary": "SUSE Bug 1252364",
"url": "https://bugzilla.suse.com/1252364"
},
{
"category": "self",
"summary": "SUSE Bug 1252469",
"url": "https://bugzilla.suse.com/1252469"
},
{
"category": "self",
"summary": "SUSE Bug 1252479",
"url": "https://bugzilla.suse.com/1252479"
},
{
"category": "self",
"summary": "SUSE Bug 1252481",
"url": "https://bugzilla.suse.com/1252481"
},
{
"category": "self",
"summary": "SUSE Bug 1252489",
"url": "https://bugzilla.suse.com/1252489"
},
{
"category": "self",
"summary": "SUSE Bug 1252490",
"url": "https://bugzilla.suse.com/1252490"
},
{
"category": "self",
"summary": "SUSE Bug 1252492",
"url": "https://bugzilla.suse.com/1252492"
},
{
"category": "self",
"summary": "SUSE Bug 1252495",
"url": "https://bugzilla.suse.com/1252495"
},
{
"category": "self",
"summary": "SUSE Bug 1252496",
"url": "https://bugzilla.suse.com/1252496"
},
{
"category": "self",
"summary": "SUSE Bug 1252499",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "self",
"summary": "SUSE Bug 1252534",
"url": "https://bugzilla.suse.com/1252534"
},
{
"category": "self",
"summary": "SUSE Bug 1252536",
"url": "https://bugzilla.suse.com/1252536"
},
{
"category": "self",
"summary": "SUSE Bug 1252537",
"url": "https://bugzilla.suse.com/1252537"
},
{
"category": "self",
"summary": "SUSE Bug 1252550",
"url": "https://bugzilla.suse.com/1252550"
},
{
"category": "self",
"summary": "SUSE Bug 1252553",
"url": "https://bugzilla.suse.com/1252553"
},
{
"category": "self",
"summary": "SUSE Bug 1252559",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "self",
"summary": "SUSE Bug 1252561",
"url": "https://bugzilla.suse.com/1252561"
},
{
"category": "self",
"summary": "SUSE Bug 1252564",
"url": "https://bugzilla.suse.com/1252564"
},
{
"category": "self",
"summary": "SUSE Bug 1252565",
"url": "https://bugzilla.suse.com/1252565"
},
{
"category": "self",
"summary": "SUSE Bug 1252566",
"url": "https://bugzilla.suse.com/1252566"
},
{
"category": "self",
"summary": "SUSE Bug 1252632",
"url": "https://bugzilla.suse.com/1252632"
},
{
"category": "self",
"summary": "SUSE Bug 1252668",
"url": "https://bugzilla.suse.com/1252668"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1252679",
"url": "https://bugzilla.suse.com/1252679"
},
{
"category": "self",
"summary": "SUSE Bug 1252685",
"url": "https://bugzilla.suse.com/1252685"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252734",
"url": "https://bugzilla.suse.com/1252734"
},
{
"category": "self",
"summary": "SUSE Bug 1252735",
"url": "https://bugzilla.suse.com/1252735"
},
{
"category": "self",
"summary": "SUSE Bug 1252772",
"url": "https://bugzilla.suse.com/1252772"
},
{
"category": "self",
"summary": "SUSE Bug 1252775",
"url": "https://bugzilla.suse.com/1252775"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252787",
"url": "https://bugzilla.suse.com/1252787"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252797",
"url": "https://bugzilla.suse.com/1252797"
},
{
"category": "self",
"summary": "SUSE Bug 1252819",
"url": "https://bugzilla.suse.com/1252819"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252826",
"url": "https://bugzilla.suse.com/1252826"
},
{
"category": "self",
"summary": "SUSE Bug 1252841",
"url": "https://bugzilla.suse.com/1252841"
},
{
"category": "self",
"summary": "SUSE Bug 1252848",
"url": "https://bugzilla.suse.com/1252848"
},
{
"category": "self",
"summary": "SUSE Bug 1252849",
"url": "https://bugzilla.suse.com/1252849"
},
{
"category": "self",
"summary": "SUSE Bug 1252850",
"url": "https://bugzilla.suse.com/1252850"
},
{
"category": "self",
"summary": "SUSE Bug 1252851",
"url": "https://bugzilla.suse.com/1252851"
},
{
"category": "self",
"summary": "SUSE Bug 1252854",
"url": "https://bugzilla.suse.com/1252854"
},
{
"category": "self",
"summary": "SUSE Bug 1252858",
"url": "https://bugzilla.suse.com/1252858"
},
{
"category": "self",
"summary": "SUSE Bug 1252865",
"url": "https://bugzilla.suse.com/1252865"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1252873",
"url": "https://bugzilla.suse.com/1252873"
},
{
"category": "self",
"summary": "SUSE Bug 1252902",
"url": "https://bugzilla.suse.com/1252902"
},
{
"category": "self",
"summary": "SUSE Bug 1252904",
"url": "https://bugzilla.suse.com/1252904"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE Bug 1252915",
"url": "https://bugzilla.suse.com/1252915"
},
{
"category": "self",
"summary": "SUSE Bug 1252918",
"url": "https://bugzilla.suse.com/1252918"
},
{
"category": "self",
"summary": "SUSE Bug 1252921",
"url": "https://bugzilla.suse.com/1252921"
},
{
"category": "self",
"summary": "SUSE Bug 1252939",
"url": "https://bugzilla.suse.com/1252939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-31248 page",
"url": "https://www.suse.com/security/cve/CVE-2023-31248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3772 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39197 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42753 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53147 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53148 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53150 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53151 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53152 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53165 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53167 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53170 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53174 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53174/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53175 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53177 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53177/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53179 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53180 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53181 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53183 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53183/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53184 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53185 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53187 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53189 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53192 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53195 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53196 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53201 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53204 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53205 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53206 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53207 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53208 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53209 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53210 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53215 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53217 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53220 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53221 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53222 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53226 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53230 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53231 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53235 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53238 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53243 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53245 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53245/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53247 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53247/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53248 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53249 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53251 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53252 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53255 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53257 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53258 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53258/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53260 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53263 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53264 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53264/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53272 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53274 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53275 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53275/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53280 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53286 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53287 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53287/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53291 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53292 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53303 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53304 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53305 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53309 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53311 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53311/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53312 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53312/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53313 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53313/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53314 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53314/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53316 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53316/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53319 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53321 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53322 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53323 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53324 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53325 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53325/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53328 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53328/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53331 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53333 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53333/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53336 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53338 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53339 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53342 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53343 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53350 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53352 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53354 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53356 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53357 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53360 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53362 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53364 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53365 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53367 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53368 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53369 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53370 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53370/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53371 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53374 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53374/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53377 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53379 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53380 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53384 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53384/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53385 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53385/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53386 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53391 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53394 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53394/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53395 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53397 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53401 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53420 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53420/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53421 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53421/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53424 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53426 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53428 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53428/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53429 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53429/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53432 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53432/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53436 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53438 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53441 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53441/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53442 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53442/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53444 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53444/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53446 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53446/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53447 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53447/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53448 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53451 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53451/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53454 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53456 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53456/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53457 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53457/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53461 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53462 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53463 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53465 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53472 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53479 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53480 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53480/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53485 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53485/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53488 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53488/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53490 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53491 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53492 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53493 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53493/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53495 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53496 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53496/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53500 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53501 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53504 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53505 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53505/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53507 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53507/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53508 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53510 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53510/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53515 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53515/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53516 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53518 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53519 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53519/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53520 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53520/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53523 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53526 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53526/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53527 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53528 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53528/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53530 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53538 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53540 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53541 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53543 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53545 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53546 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53550 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53552 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53553 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53554 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53555 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53556 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53557 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53558 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53560 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53563 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53568 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53570 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53574 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53575 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53577 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53579 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53580 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53583 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53585 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53596 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53599 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53600 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53601 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53602 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53603 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53611 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53613 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53616 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53617 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53618 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53621 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53631 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53632 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53633 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53638 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53645 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53646 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53647 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53649 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53652 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53653 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53654 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53656 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53657 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53658 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53659 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53660 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53662 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53663 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53665 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53666 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53670 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53672 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53673 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53674 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53681 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53686 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53687 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53693 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53697 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53698 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53699 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53703 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53704 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53707 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53711 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53713 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53718 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53727 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53728 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53729 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53730 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53731 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26584 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58240 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38680 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38681 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38685 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38687 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38691 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38691/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38692 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38692/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38694 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38695 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38698 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38712 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38712/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38713 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39675 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39675/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39679 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39684 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39685 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39686 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39693 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39694 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39701 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39706 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39709 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39709/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39710 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39713 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39719 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39721 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39750 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39750/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39751 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39757 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39758 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39772 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39783 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39790 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39790/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39798 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39798/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39800 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39800/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39801 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39806 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39808 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39824 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39826 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39839 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39844 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39844/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39845 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39846 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39847 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39848 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39849 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39850 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39853 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39854 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39860 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39863 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39864 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39871 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39873 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39882 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39891 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39900 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39907 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39907/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39920 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39920/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39923 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39925 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39925/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39965 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39967 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39982 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39984 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39986 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40005 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40012 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40037 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40091 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40104 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40104/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-19T14:06:18Z",
"generator": {
"date": "2025-11-19T14:06:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4141-1",
"initial_release_date": "2025-11-19T14:06:18Z",
"revision_history": [
{
"date": "2025-11-19T14:06:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-150700.7.22.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"product_id": "kernel-source-rt-6.4.0-150700.7.22.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-extra-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-extra-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-optional-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-optional-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-rt-vdso-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-rt-vdso-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "kernel-syms-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "kselftests-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"product_id": "reiserfs-kmp-rt-6.4.0-150700.7.22.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP7",
"product": {
"name": "SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-150700.7.22.1.noarch as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-150700.7.22.1.noarch as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64 as component of SUSE Real Time Module 15 SP7",
"product_id": "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-31248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-31248"
}
],
"notes": [
{
"category": "general",
"text": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-31248",
"url": "https://www.suse.com/security/cve/CVE-2023-31248"
},
{
"category": "external",
"summary": "SUSE Bug 1213061 for CVE-2023-31248",
"url": "https://bugzilla.suse.com/1213061"
},
{
"category": "external",
"summary": "SUSE Bug 1213064 for CVE-2023-31248",
"url": "https://bugzilla.suse.com/1213064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-31248"
},
{
"cve": "CVE-2023-3772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3772"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3772",
"url": "https://www.suse.com/security/cve/CVE-2023-3772"
},
{
"category": "external",
"summary": "SUSE Bug 1213666 for CVE-2023-3772",
"url": "https://bugzilla.suse.com/1213666"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-3772"
},
{
"cve": "CVE-2023-39197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39197"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39197",
"url": "https://www.suse.com/security/cve/CVE-2023-39197"
},
{
"category": "external",
"summary": "SUSE Bug 1216976 for CVE-2023-39197",
"url": "https://bugzilla.suse.com/1216976"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-39197",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-39197"
},
{
"cve": "CVE-2023-42753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42753"
}
],
"notes": [
{
"category": "general",
"text": "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h-\u003enets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42753",
"url": "https://www.suse.com/security/cve/CVE-2023-42753"
},
{
"category": "external",
"summary": "SUSE Bug 1215150 for CVE-2023-42753",
"url": "https://bugzilla.suse.com/1215150"
},
{
"category": "external",
"summary": "SUSE Bug 1218613 for CVE-2023-42753",
"url": "https://bugzilla.suse.com/1218613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-42753"
},
{
"cve": "CVE-2023-53147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53147"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: add NULL check in xfrm_update_ae_params\n\nNormally, x-\u003ereplay_esn and x-\u003epreplay_esn should be allocated at\nxfrm_alloc_replay_state_esn(...) in xfrm_state_construct(...), hence the\nxfrm_update_ae_params(...) is okay to update them. However, the current\nimplementation of xfrm_new_ae(...) allows a malicious user to directly\ndereference a NULL pointer and crash the kernel like below.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 8253067 P4D 8253067 PUD 8e0e067 PMD 0\nOops: 0002 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 PID: 98 Comm: poc.npd Not tainted 6.4.0-rc7-00072-gdad9774deaf1 #8\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.o4\nRIP: 0010:memcpy_orig+0xad/0x140\nCode: e8 4c 89 5f e0 48 8d 7f e0 73 d2 83 c2 20 48 29 d6 48 29 d7 83 fa 10 72 34 4c 8b 06 4c 8b 4e 08 c\nRSP: 0018:ffff888008f57658 EFLAGS: 00000202\nRAX: 0000000000000000 RBX: ffff888008bd0000 RCX: ffffffff8238e571\nRDX: 0000000000000018 RSI: ffff888007f64844 RDI: 0000000000000000\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffff888008f57818\nR13: ffff888007f64aa4 R14: 0000000000000000 R15: 0000000000000000\nFS: 00000000014013c0(0000) GS:ffff88806d600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 00000000054d8000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x1f/0x70\n ? page_fault_oops+0x1e8/0x500\n ? __pfx_is_prefetch.constprop.0+0x10/0x10\n ? __pfx_page_fault_oops+0x10/0x10\n ? _raw_spin_unlock_irqrestore+0x11/0x40\n ? fixup_exception+0x36/0x460\n ? _raw_spin_unlock_irqrestore+0x11/0x40\n ? exc_page_fault+0x5e/0xc0\n ? asm_exc_page_fault+0x26/0x30\n ? xfrm_update_ae_params+0xd1/0x260\n ? memcpy_orig+0xad/0x140\n ? __pfx__raw_spin_lock_bh+0x10/0x10\n xfrm_update_ae_params+0xe7/0x260\n xfrm_new_ae+0x298/0x4e0\n ? __pfx_xfrm_new_ae+0x10/0x10\n ? __pfx_xfrm_new_ae+0x10/0x10\n xfrm_user_rcv_msg+0x25a/0x410\n ? __pfx_xfrm_user_rcv_msg+0x10/0x10\n ? __alloc_skb+0xcf/0x210\n ? stack_trace_save+0x90/0xd0\n ? filter_irq_stacks+0x1c/0x70\n ? __stack_depot_save+0x39/0x4e0\n ? __kasan_slab_free+0x10a/0x190\n ? kmem_cache_free+0x9c/0x340\n ? netlink_recvmsg+0x23c/0x660\n ? sock_recvmsg+0xeb/0xf0\n ? __sys_recvfrom+0x13c/0x1f0\n ? __x64_sys_recvfrom+0x71/0x90\n ? do_syscall_64+0x3f/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n ? copyout+0x3e/0x50\n netlink_rcv_skb+0xd6/0x210\n ? __pfx_xfrm_user_rcv_msg+0x10/0x10\n ? __pfx_netlink_rcv_skb+0x10/0x10\n ? __pfx_sock_has_perm+0x10/0x10\n ? mutex_lock+0x8d/0xe0\n ? __pfx_mutex_lock+0x10/0x10\n xfrm_netlink_rcv+0x44/0x50\n netlink_unicast+0x36f/0x4c0\n ? __pfx_netlink_unicast+0x10/0x10\n ? netlink_recvmsg+0x500/0x660\n netlink_sendmsg+0x3b7/0x700\n\nThis Null-ptr-deref bug is assigned CVE-2023-3772. And this commit\nadds additional NULL check in xfrm_update_ae_params to fix the NPD.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53147",
"url": "https://www.suse.com/security/cve/CVE-2023-53147"
},
{
"category": "external",
"summary": "SUSE Bug 1249880 for CVE-2023-53147",
"url": "https://bugzilla.suse.com/1249880"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53147"
},
{
"cve": "CVE-2023-53148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix igb_down hung on surprise removal\n\nIn a setup where a Thunderbolt hub connects to Ethernet and a display\nthrough USB Type-C, users may experience a hung task timeout when they\nremove the cable between the PC and the Thunderbolt hub.\nThis is because the igb_down function is called multiple times when\nthe Thunderbolt hub is unplugged. For example, the igb_io_error_detected\ntriggers the first call, and the igb_remove triggers the second call.\nThe second call to igb_down will block at napi_synchronize.\nHere\u0027s the call trace:\n __schedule+0x3b0/0xddb\n ? __mod_timer+0x164/0x5d3\n schedule+0x44/0xa8\n schedule_timeout+0xb2/0x2a4\n ? run_local_timers+0x4e/0x4e\n msleep+0x31/0x38\n igb_down+0x12c/0x22a [igb 6615058754948bfde0bf01429257eb59f13030d4]\n __igb_close+0x6f/0x9c [igb 6615058754948bfde0bf01429257eb59f13030d4]\n igb_close+0x23/0x2b [igb 6615058754948bfde0bf01429257eb59f13030d4]\n __dev_close_many+0x95/0xec\n dev_close_many+0x6e/0x103\n unregister_netdevice_many+0x105/0x5b1\n unregister_netdevice_queue+0xc2/0x10d\n unregister_netdev+0x1c/0x23\n igb_remove+0xa7/0x11c [igb 6615058754948bfde0bf01429257eb59f13030d4]\n pci_device_remove+0x3f/0x9c\n device_release_driver_internal+0xfe/0x1b4\n pci_stop_bus_device+0x5b/0x7f\n pci_stop_bus_device+0x30/0x7f\n pci_stop_bus_device+0x30/0x7f\n pci_stop_and_remove_bus_device+0x12/0x19\n pciehp_unconfigure_device+0x76/0xe9\n pciehp_disable_slot+0x6e/0x131\n pciehp_handle_presence_or_link_change+0x7a/0x3f7\n pciehp_ist+0xbe/0x194\n irq_thread_fn+0x22/0x4d\n ? irq_thread+0x1fd/0x1fd\n irq_thread+0x17b/0x1fd\n ? irq_forced_thread_fn+0x5f/0x5f\n kthread+0x142/0x153\n ? __irq_get_irqchip_state+0x46/0x46\n ? kthread_associate_blkcg+0x71/0x71\n ret_from_fork+0x1f/0x30\n\nIn this case, igb_io_error_detected detaches the network interface\nand requests a PCIE slot reset, however, the PCIE reset callback is\nnot being invoked and thus the Ethernet connection breaks down.\nAs the PCIE error in this case is a non-fatal one, requesting a\nslot reset can be avoided.\nThis patch fixes the task hung issue and preserves Ethernet\nconnection by ignoring non-fatal PCIE errors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53148",
"url": "https://www.suse.com/security/cve/CVE-2023-53148"
},
{
"category": "external",
"summary": "SUSE Bug 1249842 for CVE-2023-53148",
"url": "https://bugzilla.suse.com/1249842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53148"
},
{
"cve": "CVE-2023-53150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53150"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Pointer may be dereferenced\n\nKlocwork tool reported pointer \u0027rport\u0027 returned from call to function\nfc_bsg_to_rport() may be NULL and will be dereferenced.\n\nAdd a fix to validate rport before dereferencing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53150",
"url": "https://www.suse.com/security/cve/CVE-2023-53150"
},
{
"category": "external",
"summary": "SUSE Bug 1249853 for CVE-2023-53150",
"url": "https://bugzilla.suse.com/1249853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53150"
},
{
"cve": "CVE-2023-53151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: prevent soft lockup while flush writes\n\nCurrently, there is no limit for raid1/raid10 plugged bio. While flushing\nwrites, raid1 has cond_resched() while raid10 doesn\u0027t, and too many\nwrites can cause soft lockup.\n\nFollow up soft lockup can be triggered easily with writeback test for\nraid10 with ramdisks:\n\nwatchdog: BUG: soft lockup - CPU#10 stuck for 27s! [md0_raid10:1293]\nCall Trace:\n \u003cTASK\u003e\n call_rcu+0x16/0x20\n put_object+0x41/0x80\n __delete_object+0x50/0x90\n delete_object_full+0x2b/0x40\n kmemleak_free+0x46/0xa0\n slab_free_freelist_hook.constprop.0+0xed/0x1a0\n kmem_cache_free+0xfd/0x300\n mempool_free_slab+0x1f/0x30\n mempool_free+0x3a/0x100\n bio_free+0x59/0x80\n bio_put+0xcf/0x2c0\n free_r10bio+0xbf/0xf0\n raid_end_bio_io+0x78/0xb0\n one_write_done+0x8a/0xa0\n raid10_end_write_request+0x1b4/0x430\n bio_endio+0x175/0x320\n brd_submit_bio+0x3b9/0x9b7 [brd]\n __submit_bio+0x69/0xe0\n submit_bio_noacct_nocheck+0x1e6/0x5a0\n submit_bio_noacct+0x38c/0x7e0\n flush_pending_writes+0xf0/0x240\n raid10d+0xac/0x1ed0\n\nFix the problem by adding cond_resched() to raid10 like what raid1 did.\n\nNote that unlimited plugged bio still need to be optimized, for example,\nin the case of lots of dirty pages writeback, this will take lots of\nmemory and io will spend a long time in plug, hence io latency is bad.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53151",
"url": "https://www.suse.com/security/cve/CVE-2023-53151"
},
{
"category": "external",
"summary": "SUSE Bug 1249865 for CVE-2023-53151",
"url": "https://bugzilla.suse.com/1249865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53151"
},
{
"cve": "CVE-2023-53152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix calltrace warning in amddrm_buddy_fini\n\nThe following call trace is observed when removing the amdgpu driver, which\nis caused by that BOs allocated for psp are not freed until removing.\n\n[61811.450562] RIP: 0010:amddrm_buddy_fini.cold+0x29/0x47 [amddrm_buddy]\n[61811.450577] Call Trace:\n[61811.450577] \u003cTASK\u003e\n[61811.450579] amdgpu_vram_mgr_fini+0x135/0x1c0 [amdgpu]\n[61811.450728] amdgpu_ttm_fini+0x207/0x290 [amdgpu]\n[61811.450870] amdgpu_bo_fini+0x27/0xa0 [amdgpu]\n[61811.451012] gmc_v9_0_sw_fini+0x4a/0x60 [amdgpu]\n[61811.451166] amdgpu_device_fini_sw+0x117/0x520 [amdgpu]\n[61811.451306] amdgpu_driver_release_kms+0x16/0x30 [amdgpu]\n[61811.451447] devm_drm_dev_init_release+0x4d/0x80 [drm]\n[61811.451466] devm_action_release+0x15/0x20\n[61811.451469] release_nodes+0x40/0xb0\n[61811.451471] devres_release_all+0x9b/0xd0\n[61811.451473] __device_release_driver+0x1bb/0x2a0\n[61811.451476] driver_detach+0xf3/0x140\n[61811.451479] bus_remove_driver+0x6c/0xf0\n[61811.451481] driver_unregister+0x31/0x60\n[61811.451483] pci_unregister_driver+0x40/0x90\n[61811.451486] amdgpu_exit+0x15/0x447 [amdgpu]\n\nFor smu v13_0_2, if the GPU supports xgmi, refer to\n\ncommit f5c7e7797060 (\"drm/amdgpu: Adjust removal control flow for smu v13_0_2\"),\n\nit will run gpu recover in AMDGPU_RESET_FOR_DEVICE_REMOVE mode when removing,\nwhich makes all devices in hive list have hw reset but no resume except the\nbasic ip blocks, then other ip blocks will not call .hw_fini according to\nip_block.status.hw.\n\nSince psp_free_shared_bufs just includes some software operations, so move\nit to psp_sw_fini.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53152",
"url": "https://www.suse.com/security/cve/CVE-2023-53152"
},
{
"category": "external",
"summary": "SUSE Bug 1249883 for CVE-2023-53152",
"url": "https://bugzilla.suse.com/1249883"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53152"
},
{
"cve": "CVE-2023-53165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53165"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix uninitialized array access for some pathnames\n\nFor filenames that begin with . and are between 2 and 5 characters long,\nUDF charset conversion code would read uninitialized memory in the\noutput buffer. The only practical impact is that the name may be prepended a\n\"unification hash\" when it is not actually needed but still it is good\nto fix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53165",
"url": "https://www.suse.com/security/cve/CVE-2023-53165"
},
{
"category": "external",
"summary": "SUSE Bug 1250395 for CVE-2023-53165",
"url": "https://bugzilla.suse.com/1250395"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53165"
},
{
"cve": "CVE-2023-53167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53167"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix null pointer dereference in tracing_err_log_open()\n\nFix an issue in function \u0027tracing_err_log_open\u0027.\nThe function doesn\u0027t call \u0027seq_open\u0027 if the file is opened only with\nwrite permissions, which results in \u0027file-\u003eprivate_data\u0027 being left as null.\nIf we then use \u0027lseek\u0027 on that opened file, \u0027seq_lseek\u0027 dereferences\n\u0027file-\u003eprivate_data\u0027 in \u0027mutex_lock(\u0026m-\u003elock)\u0027, resulting in a kernel panic.\nWriting to this node requires root privileges, therefore this bug\nhas very little security impact.\n\nTracefs node: /sys/kernel/tracing/error_log\n\nExample Kernel panic:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000038\nCall trace:\n mutex_lock+0x30/0x110\n seq_lseek+0x34/0xb8\n __arm64_sys_lseek+0x6c/0xb8\n invoke_syscall+0x58/0x13c\n el0_svc_common+0xc4/0x10c\n do_el0_svc+0x24/0x98\n el0_svc+0x24/0x88\n el0t_64_sync_handler+0x84/0xe4\n el0t_64_sync+0x1b4/0x1b8\nCode: d503201f aa0803e0 aa1f03e1 aa0103e9 (c8e97d02)\n---[ end trace 561d1b49c12cf8a5 ]---\nKernel panic - not syncing: Oops: Fatal exception",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53167",
"url": "https://www.suse.com/security/cve/CVE-2023-53167"
},
{
"category": "external",
"summary": "SUSE Bug 1249712 for CVE-2023-53167",
"url": "https://bugzilla.suse.com/1249712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53167"
},
{
"cve": "CVE-2023-53170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: Removed unneeded of_node_put in felix_parse_ports_node\n\nRemove unnecessary of_node_put from the continue path to prevent\nchild node from being released twice, which could avoid resource\nleak or other unexpected issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53170",
"url": "https://www.suse.com/security/cve/CVE-2023-53170"
},
{
"category": "external",
"summary": "SUSE Bug 1249850 for CVE-2023-53170",
"url": "https://bugzilla.suse.com/1249850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53170"
},
{
"cve": "CVE-2023-53174",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53174"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix possible memory leak if device_add() fails\n\nIf device_add() returns error, the name allocated by dev_set_name() needs\nbe freed. As the comment of device_add() says, put_device() should be used\nto decrease the reference count in the error path. So fix this by calling\nput_device(), then the name can be freed in kobject_cleanp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53174",
"url": "https://www.suse.com/security/cve/CVE-2023-53174"
},
{
"category": "external",
"summary": "SUSE Bug 1250024 for CVE-2023-53174",
"url": "https://bugzilla.suse.com/1250024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53174"
},
{
"cve": "CVE-2023-53175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53175"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation\n\nWhen a Linux VM with an assigned PCI device runs on Hyper-V, if the PCI\ndevice driver is not loaded yet (i.e. MSI-X/MSI is not enabled on the\ndevice yet), doing a VM hibernation triggers a panic in\nhv_pci_restore_msi_msg() -\u003e msi_lock_descs(\u0026pdev-\u003edev), because\npdev-\u003edev.msi.data is still NULL.\n\nAvoid the panic by checking if MSI-X/MSI is enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53175",
"url": "https://www.suse.com/security/cve/CVE-2023-53175"
},
{
"category": "external",
"summary": "SUSE Bug 1249845 for CVE-2023-53175",
"url": "https://bugzilla.suse.com/1249845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53175"
},
{
"cve": "CVE-2023-53177",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53177"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hi846: fix usage of pm_runtime_get_if_in_use()\n\npm_runtime_get_if_in_use() does not only return nonzero values when\nthe device is in use, it can return a negative errno too.\n\nAnd especially during resuming from system suspend, when runtime pm\nis not yet up again, -EAGAIN is being returned, so the subsequent\npm_runtime_put() call results in a refcount underflow.\n\nFix system-resume by handling -EAGAIN of pm_runtime_get_if_in_use().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53177",
"url": "https://www.suse.com/security/cve/CVE-2023-53177"
},
{
"category": "external",
"summary": "SUSE Bug 1249849 for CVE-2023-53177",
"url": "https://bugzilla.suse.com/1249849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53177"
},
{
"cve": "CVE-2023-53179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c\n\nThe missing IP_SET_HASH_WITH_NET0 macro in ip_set_hash_netportnet can\nlead to the use of wrong `CIDR_POS(c)` for calculating array offsets,\nwhich can lead to integer underflow. As a result, it leads to slab\nout-of-bound access.\nThis patch adds back the IP_SET_HASH_WITH_NET0 macro to\nip_set_hash_netportnet to address the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53179",
"url": "https://www.suse.com/security/cve/CVE-2023-53179"
},
{
"category": "external",
"summary": "SUSE Bug 1249825 for CVE-2023-53179",
"url": "https://bugzilla.suse.com/1249825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53179"
},
{
"cve": "CVE-2023-53180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53180"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Avoid NULL pointer access during management transmit cleanup\n\nCurrently \u0027ar\u0027 reference is not added in skb_cb.\nThough this is generally not used during transmit completion\ncallbacks, on interface removal the remaining idr cleanup callback\nuses the ar pointer from skb_cb from management txmgmt_idr. Hence fill them\nduring transmit call for proper usage to avoid NULL pointer dereference.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53180",
"url": "https://www.suse.com/security/cve/CVE-2023-53180"
},
{
"category": "external",
"summary": "SUSE Bug 1249826 for CVE-2023-53180",
"url": "https://bugzilla.suse.com/1249826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53180"
},
{
"cve": "CVE-2023-53181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53181"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/dma-resv: Stop leaking on krealloc() failure\n\nCurrently dma_resv_get_fences() will leak the previously\nallocated array if the fence iteration got restarted and\nthe krealloc_array() fails.\n\nFree the old array by hand, and make sure we still clear\nthe returned *fences so the caller won\u0027t end up accessing\nfreed memory. Some (but not all) of the callers of\ndma_resv_get_fences() seem to still trawl through the\narray even when dma_resv_get_fences() failed. And let\u0027s\nzero out *num_fences as well for good measure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53181",
"url": "https://www.suse.com/security/cve/CVE-2023-53181"
},
{
"category": "external",
"summary": "SUSE Bug 1249824 for CVE-2023-53181",
"url": "https://bugzilla.suse.com/1249824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53181"
},
{
"cve": "CVE-2023-53183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53183"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: exit gracefully if reloc roots don\u0027t match\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\n[CAUSE]\nThe root cause of the triggered ASSERT() is we can have a race between\nquota tree creation and relocation.\n\nThis leads us to create a duplicated quota tree in the\nbtrfs_read_fs_root() path, and since it\u0027s treated as fs tree, it would\nhave ROOT_SHAREABLE flag, causing us to create a reloc tree for it.\n\nThe bug itself is fixed by a dedicated patch for it, but this already\ntaught us the ASSERT() is not something straightforward for\ndevelopers.\n\n[ENHANCEMENT]\nInstead of using an ASSERT(), let\u0027s handle it gracefully and output\nextra info about the mismatch reloc roots to help debug.\n\nAlso with the above ASSERT() removed, we can trigger ASSERT(0)s inside\nmerge_reloc_roots() later.\nAlso replace those ASSERT(0)s with WARN_ON()s.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53183",
"url": "https://www.suse.com/security/cve/CVE-2023-53183"
},
{
"category": "external",
"summary": "SUSE Bug 1249863 for CVE-2023-53183",
"url": "https://bugzilla.suse.com/1249863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53183"
},
{
"cve": "CVE-2023-53184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/sme: Set new vector length before reallocating\n\nAs part of fixing the allocation of the buffer for SVE state when changing\nSME vector length we introduced an immediate reallocation of the SVE state,\nthis is also done when changing the SVE vector length for consistency.\nUnfortunately this reallocation is done prior to writing the new vector\nlength to the task struct, meaning the allocation is done with the old\nvector length and can lead to memory corruption due to an undersized buffer\nbeing used.\n\nMove the update of the vector length before the allocation to ensure that\nthe new vector length is taken into account.\n\nFor some reason this isn\u0027t triggering any problems when running tests on\nthe arm64 fixes branch (even after repeated tries) but is triggering\nissues very often after merge into mainline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53184",
"url": "https://www.suse.com/security/cve/CVE-2023-53184"
},
{
"category": "external",
"summary": "SUSE Bug 1249823 for CVE-2023-53184",
"url": "https://bugzilla.suse.com/1249823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53184"
},
{
"cve": "CVE-2023-53185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: don\u0027t allow to overwrite ENDPOINT0 attributes\n\nA bad USB device is able to construct a service connection response\nmessage with target endpoint being ENDPOINT0 which is reserved for\nHTC_CTRL_RSVD_SVC and should not be modified to be used for any other\nservices.\n\nReject such service connection responses.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53185",
"url": "https://www.suse.com/security/cve/CVE-2023-53185"
},
{
"category": "external",
"summary": "SUSE Bug 1249820 for CVE-2023-53185",
"url": "https://bugzilla.suse.com/1249820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53185"
},
{
"cve": "CVE-2023-53187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free of new block group that became unused\n\nIf a task creates a new block group and that block group becomes unused\nbefore we finish its creation, at btrfs_create_pending_block_groups(),\nthen when btrfs_mark_bg_unused() is called against the block group, we\nassume that the block group is currently in the list of block groups to\nreclaim, and we move it out of the list of new block groups and into the\nlist of unused block groups. This has two consequences:\n\n1) We move it out of the list of new block groups associated to the\n current transaction. So the block group creation is not finished and\n if we attempt to delete the bg because it\u0027s unused, we will not find\n the block group item in the extent tree (or the new block group tree),\n its device extent items in the device tree etc, resulting in the\n deletion to fail due to the missing items;\n\n2) We don\u0027t increment the reference count on the block group when we\n move it to the list of unused block groups, because we assumed the\n block group was on the list of block groups to reclaim, and in that\n case it already has the correct reference count. However the block\n group was on the list of new block groups, in which case no extra\n reference was taken because it\u0027s local to the current task. This\n later results in doing an extra reference count decrement when\n removing the block group from the unused list, eventually leading the\n reference count to 0.\n\nThis second case was caught when running generic/297 from fstests, which\nproduced the following assertion failure and stack trace:\n\n [589.559] assertion failed: refcount_read(\u0026block_group-\u003erefs) == 1, in fs/btrfs/block-group.c:4299\n [589.559] ------------[ cut here ]------------\n [589.559] kernel BUG at fs/btrfs/block-group.c:4299!\n [589.560] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n [589.560] CPU: 8 PID: 2819134 Comm: umount Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1\n [589.560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n [589.560] RIP: 0010:btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.561] Code: 68 62 da c0 (...)\n [589.561] RSP: 0018:ffffa55a8c3b3d98 EFLAGS: 00010246\n [589.561] RAX: 0000000000000058 RBX: ffff8f030d7f2000 RCX: 0000000000000000\n [589.562] RDX: 0000000000000000 RSI: ffffffff953f0878 RDI: 00000000ffffffff\n [589.562] RBP: ffff8f030d7f2088 R08: 0000000000000000 R09: ffffa55a8c3b3c50\n [589.562] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8f05850b4c00\n [589.562] R13: ffff8f030d7f2090 R14: ffff8f05850b4cd8 R15: dead000000000100\n [589.563] FS: 00007f497fd2e840(0000) GS:ffff8f09dfc00000(0000) knlGS:0000000000000000\n [589.563] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [589.563] CR2: 00007f497ff8ec10 CR3: 0000000271472006 CR4: 0000000000370ee0\n [589.563] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [589.564] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [589.564] Call Trace:\n [589.564] \u003cTASK\u003e\n [589.565] ? __die_body+0x1b/0x60\n [589.565] ? die+0x39/0x60\n [589.565] ? do_trap+0xeb/0x110\n [589.565] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.566] ? do_error_trap+0x6a/0x90\n [589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.566] ? exc_invalid_op+0x4e/0x70\n [589.566] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.567] ? asm_exc_invalid_op+0x16/0x20\n [589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.567] ? btrfs_free_block_groups+0x449/0x4a0 [btrfs]\n [589.567] close_ctree+0x35d/0x560 [btrfs]\n [589.568] ? fsnotify_sb_delete+0x13e/0x1d0\n [589.568] ? dispose_list+0x3a/0x50\n [589.568] ? evict_inodes+0x151/0x1a0\n [589.568] generic_shutdown_super+0x73/0x1a0\n [589.569] kill_anon_super+0x14/0x30\n [589.569] btrfs_kill_super+0x12/0x20 [btrfs]\n [589.569] deactivate_locked\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53187",
"url": "https://www.suse.com/security/cve/CVE-2023-53187"
},
{
"category": "external",
"summary": "SUSE Bug 1249815 for CVE-2023-53187",
"url": "https://bugzilla.suse.com/1249815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53187"
},
{
"cve": "CVE-2023-53189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6/addrconf: fix a potential refcount underflow for idev\n\nNow in addrconf_mod_rs_timer(), reference idev depends on whether\nrs_timer is not pending. Then modify rs_timer timeout.\n\nThere is a time gap in [1], during which if the pending rs_timer\nbecomes not pending. It will miss to hold idev, but the rs_timer\nis activated. Thus rs_timer callback function addrconf_rs_timer()\nwill be executed and put idev later without holding idev. A refcount\nunderflow issue for idev can be caused by this.\n\n\tif (!timer_pending(\u0026idev-\u003ers_timer))\n\t\tin6_dev_hold(idev);\n\t\t \u003c--------------[1]\n\tmod_timer(\u0026idev-\u003ers_timer, jiffies + when);\n\nTo fix the issue, hold idev if mod_timer() return 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53189",
"url": "https://www.suse.com/security/cve/CVE-2023-53189"
},
{
"category": "external",
"summary": "SUSE Bug 1249894 for CVE-2023-53189",
"url": "https://bugzilla.suse.com/1249894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53189"
},
{
"cve": "CVE-2023-53192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix nexthop hash size\n\nThe nexthop code expects a 31 bit hash, such as what is returned by\nfib_multipath_hash() and rt6_multipath_hash(). Passing the 32 bit hash\nreturned by skb_get_hash() can lead to problems related to the fact that\n\u0027int hash\u0027 is a negative number when the MSB is set.\n\nIn the case of hash threshold nexthop groups, nexthop_select_path_hthr()\nwill disproportionately select the first nexthop group entry. In the case\nof resilient nexthop groups, nexthop_select_path_res() may do an out of\nbounds access in nh_buckets[], for example:\n hash = -912054133\n num_nh_buckets = 2\n bucket_index = 65535\n\nwhich leads to the following panic:\n\nBUG: unable to handle page fault for address: ffffc900025910c8\nPGD 100000067 P4D 100000067 PUD 10026b067 PMD 0\nOops: 0002 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 4 PID: 856 Comm: kworker/4:3 Not tainted 6.5.0-rc2+ #34\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nWorkqueue: ipv6_addrconf addrconf_dad_work\nRIP: 0010:nexthop_select_path+0x197/0xbf0\nCode: c1 e4 05 be 08 00 00 00 4c 8b 35 a4 14 7e 01 4e 8d 6c 25 00 4a 8d 7c 25 08 48 01 dd e8 c2 25 15 ff 49 8d 7d 08 e8 39 13 15 ff \u003c4d\u003e 89 75 08 48 89 ef e8 7d 12 15 ff 48 8b 5d 00 e8 14 55 2f 00 85\nRSP: 0018:ffff88810c36f260 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000002000c0 RCX: ffffffffaf02dd77\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffffc900025910c8\nRBP: ffffc900025910c0 R08: 0000000000000001 R09: fffff520004b2219\nR10: ffffc900025910cf R11: 31392d2068736168 R12: 00000000002000c0\nR13: ffffc900025910c0 R14: 00000000fffef608 R15: ffff88811840e900\nFS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc900025910c8 CR3: 0000000129d00000 CR4: 0000000000750ee0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x1ee/0x5c0\n ? __pfx_is_prefetch.constprop.0+0x10/0x10\n ? __pfx_page_fault_oops+0x10/0x10\n ? search_bpf_extables+0xfe/0x1c0\n ? fixup_exception+0x3b/0x470\n ? exc_page_fault+0xf6/0x110\n ? asm_exc_page_fault+0x26/0x30\n ? nexthop_select_path+0x197/0xbf0\n ? nexthop_select_path+0x197/0xbf0\n ? lock_is_held_type+0xe7/0x140\n vxlan_xmit+0x5b2/0x2340\n ? __lock_acquire+0x92b/0x3370\n ? __pfx_vxlan_xmit+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n ? __pfx_register_lock_class+0x10/0x10\n ? skb_network_protocol+0xce/0x2d0\n ? dev_hard_start_xmit+0xca/0x350\n ? __pfx_vxlan_xmit+0x10/0x10\n dev_hard_start_xmit+0xca/0x350\n __dev_queue_xmit+0x513/0x1e20\n ? __pfx___dev_queue_xmit+0x10/0x10\n ? __pfx_lock_release+0x10/0x10\n ? mark_held_locks+0x44/0x90\n ? skb_push+0x4c/0x80\n ? eth_header+0x81/0xe0\n ? __pfx_eth_header+0x10/0x10\n ? neigh_resolve_output+0x215/0x310\n ? ip6_finish_output2+0x2ba/0xc90\n ip6_finish_output2+0x2ba/0xc90\n ? lock_release+0x236/0x3e0\n ? ip6_mtu+0xbb/0x240\n ? __pfx_ip6_finish_output2+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? lock_is_held_type+0xe7/0x140\n ip6_finish_output+0x1ee/0x780\n ip6_output+0x138/0x460\n ? __pfx_ip6_output+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n ? __pfx_ip6_finish_output+0x10/0x10\n NF_HOOK.constprop.0+0xc0/0x420\n ? __pfx_NF_HOOK.constprop.0+0x10/0x10\n ? ndisc_send_skb+0x2c0/0x960\n ? __pfx_lock_release+0x10/0x10\n ? __local_bh_enable_ip+0x93/0x110\n ? lock_is_held_type+0xe7/0x140\n ndisc_send_skb+0x4be/0x960\n ? __pfx_ndisc_send_skb+0x10/0x10\n ? mark_held_locks+0x65/0x90\n ? find_held_lock+0x83/0xa0\n ndisc_send_ns+0xb0/0x110\n ? __pfx_ndisc_send_ns+0x10/0x10\n addrconf_dad_work+0x631/0x8e0\n ? lock_acquire+0x180/0x3f0\n ? __pfx_addrconf_dad_work+0x10/0x10\n ? mark_held_locks+0x24/0x90\n process_one_work+0x582/0x9c0\n ? __pfx_process_one_work+0x10/0x10\n ? __pfx_do_raw_spin_lock+0x10/0x10\n ? mark_held_locks+0x24/0x90\n worker_thread+0x93/0x630\n ? __kthread_parkme+0xdc/0x100\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x1a5/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53192",
"url": "https://www.suse.com/security/cve/CVE-2023-53192"
},
{
"category": "external",
"summary": "SUSE Bug 1249897 for CVE-2023-53192",
"url": "https://bugzilla.suse.com/1249897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53192"
},
{
"cve": "CVE-2023-53195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53195"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: minimal: fix potential memory leak in mlxsw_m_linecards_init\n\nThe line cards array is not freed in the error path of\nmlxsw_m_linecards_init(), which can lead to a memory leak. Fix by\nfreeing the array in the error path, thereby making the error path\nidentical to mlxsw_m_linecards_fini().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53195",
"url": "https://www.suse.com/security/cve/CVE-2023-53195"
},
{
"category": "external",
"summary": "SUSE Bug 1249761 for CVE-2023-53195",
"url": "https://bugzilla.suse.com/1249761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53195"
},
{
"cve": "CVE-2023-53196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53196"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: qcom: Fix potential memory leak\n\nFunction dwc3_qcom_probe() allocates memory for resource structure\nwhich is pointed by parent_res pointer. This memory is not\nfreed. This leads to memory leak. Use stack memory to prevent\nmemory leak.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53196",
"url": "https://www.suse.com/security/cve/CVE-2023-53196"
},
{
"category": "external",
"summary": "SUSE Bug 1249758 for CVE-2023-53196",
"url": "https://bugzilla.suse.com/1249758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53196"
},
{
"cve": "CVE-2023-53201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: wraparound mbox producer index\n\nDriver is not handling the wraparound of the mbox producer index correctly.\nCurrently the wraparound happens once u32 max is reached.\n\nBit 31 of the producer index register is special and should be set\nonly once for the first command. Because the producer index overflow\nsetting bit31 after a long time, FW goes to initialization sequence\nand this causes FW hang.\n\nFix is to wraparound the mbox producer index once it reaches u16 max.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53201",
"url": "https://www.suse.com/security/cve/CVE-2023-53201"
},
{
"category": "external",
"summary": "SUSE Bug 1249687 for CVE-2023-53201",
"url": "https://bugzilla.suse.com/1249687"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53201"
},
{
"cve": "CVE-2023-53204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix data-races around user-\u003eunix_inflight.\n\nuser-\u003eunix_inflight is changed under spin_lock(unix_gc_lock),\nbut too_many_unix_fds() reads it locklessly.\n\nLet\u0027s annotate the write/read accesses to user-\u003eunix_inflight.\n\nBUG: KCSAN: data-race in unix_attach_fds / unix_inflight\n\nwrite to 0xffffffff8546f2d0 of 8 bytes by task 44798 on cpu 1:\n unix_inflight+0x157/0x180 net/unix/scm.c:66\n unix_attach_fds+0x147/0x1e0 net/unix/scm.c:123\n unix_scm_to_skb net/unix/af_unix.c:1827 [inline]\n unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950\n unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]\n unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292\n sock_sendmsg_nosec net/socket.c:725 [inline]\n sock_sendmsg+0x148/0x160 net/socket.c:748\n ____sys_sendmsg+0x4e4/0x610 net/socket.c:2494\n ___sys_sendmsg+0xc6/0x140 net/socket.c:2548\n __sys_sendmsg+0x94/0x140 net/socket.c:2577\n __do_sys_sendmsg net/socket.c:2586 [inline]\n __se_sys_sendmsg net/socket.c:2584 [inline]\n __x64_sys_sendmsg+0x45/0x50 net/socket.c:2584\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nread to 0xffffffff8546f2d0 of 8 bytes by task 44814 on cpu 0:\n too_many_unix_fds net/unix/scm.c:101 [inline]\n unix_attach_fds+0x54/0x1e0 net/unix/scm.c:110\n unix_scm_to_skb net/unix/af_unix.c:1827 [inline]\n unix_dgram_sendmsg+0x46a/0x14f0 net/unix/af_unix.c:1950\n unix_seqpacket_sendmsg net/unix/af_unix.c:2308 [inline]\n unix_seqpacket_sendmsg+0xba/0x130 net/unix/af_unix.c:2292\n sock_sendmsg_nosec net/socket.c:725 [inline]\n sock_sendmsg+0x148/0x160 net/socket.c:748\n ____sys_sendmsg+0x4e4/0x610 net/socket.c:2494\n ___sys_sendmsg+0xc6/0x140 net/socket.c:2548\n __sys_sendmsg+0x94/0x140 net/socket.c:2577\n __do_sys_sendmsg net/socket.c:2586 [inline]\n __se_sys_sendmsg net/socket.c:2584 [inline]\n __x64_sys_sendmsg+0x45/0x50 net/socket.c:2584\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nvalue changed: 0x000000000000000c -\u003e 0x000000000000000d\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 44814 Comm: systemd-coredum Not tainted 6.4.0-11989-g6843306689af #6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53204",
"url": "https://www.suse.com/security/cve/CVE-2023-53204"
},
{
"category": "external",
"summary": "SUSE Bug 1249682 for CVE-2023-53204",
"url": "https://bugzilla.suse.com/1249682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53204"
},
{
"cve": "CVE-2023-53205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53205"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390/diag: fix racy access of physical cpu number in diag 9c handler\n\nWe do check for target CPU == -1, but this might change at the time we\nare going to use it. Hold the physical target CPU in a local variable to\navoid out-of-bound accesses to the cpu arrays.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53205",
"url": "https://www.suse.com/security/cve/CVE-2023-53205"
},
{
"category": "external",
"summary": "SUSE Bug 1249677 for CVE-2023-53205",
"url": "https://bugzilla.suse.com/1249677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53205"
},
{
"cve": "CVE-2023-53206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (pmbus_core) Fix NULL pointer dereference\n\nPass i2c_client to _pmbus_is_enabled to drop the assumption\nthat a regulator device is passed in.\n\nThis will fix the issue of a NULL pointer dereference when called from\n_pmbus_get_flags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53206",
"url": "https://www.suse.com/security/cve/CVE-2023-53206"
},
{
"category": "external",
"summary": "SUSE Bug 1249679 for CVE-2023-53206",
"url": "https://bugzilla.suse.com/1249679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53206"
},
{
"cve": "CVE-2023-53207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53207"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fail to recover device if queue setup is interrupted\n\nIn ublk_ctrl_end_recovery(), if wait_for_completion_interruptible() is\ninterrupted by signal, queues aren\u0027t setup successfully yet, so we\nhave to fail UBLK_CMD_END_USER_RECOVERY, otherwise kernel oops can be\ntriggered.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53207",
"url": "https://www.suse.com/security/cve/CVE-2023-53207"
},
{
"category": "external",
"summary": "SUSE Bug 1249678 for CVE-2023-53207",
"url": "https://bugzilla.suse.com/1249678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53207"
},
{
"cve": "CVE-2023-53208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Load L1\u0027s TSC multiplier based on L1 state, not L2 state\n\nWhen emulating nested VM-Exit, load L1\u0027s TSC multiplier if L1\u0027s desired\nratio doesn\u0027t match the current ratio, not if the ratio L1 is using for\nL2 diverges from the default. Functionally, the end result is the same\nas KVM will run L2 with L1\u0027s multiplier if L2\u0027s multiplier is the default,\ni.e. checking that L1\u0027s multiplier is loaded is equivalent to checking if\nL2 has a non-default multiplier.\n\nHowever, the assertion that TSC scaling is exposed to L1 is flawed, as\nuserspace can trigger the WARN at will by writing the MSR and then\nupdating guest CPUID to hide the feature (modifying guest CPUID is\nallowed anytime before KVM_RUN). E.g. hacking KVM\u0027s state_test\nselftest to do\n\n vcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n vcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 10 PID: 206939 at arch/x86/kvm/svm/nested.c:1105\n nested_svm_vmexit+0x6af/0x720 [kvm_amd]\n Call Trace:\n nested_svm_exit_handled+0x102/0x1f0 [kvm_amd]\n svm_handle_exit+0xb9/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n ? trace_hardirqs_off+0x4d/0xa0\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUnlike the nested VMRUN path, hoisting the svm-\u003etsc_scaling_enabled check\ninto the if-statement is wrong as KVM needs to ensure L1\u0027s multiplier is\nloaded in the above scenario. Alternatively, the WARN_ON() could simply\nbe deleted, but that would make KVM\u0027s behavior even more subtle, e.g. it\u0027s\nnot immediately obvious why it\u0027s safe to write MSR_AMD64_TSC_RATIO when\nchecking only tsc_ratio_msr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53208",
"url": "https://www.suse.com/security/cve/CVE-2023-53208"
},
{
"category": "external",
"summary": "SUSE Bug 1249698 for CVE-2023-53208",
"url": "https://bugzilla.suse.com/1249698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53208"
},
{
"cve": "CVE-2023-53209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211_hwsim: Fix possible NULL dereference\n\nIn a call to mac80211_hwsim_select_tx_link() the sta pointer might\nbe NULL, thus need to check that it is not NULL before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53209",
"url": "https://www.suse.com/security/cve/CVE-2023-53209"
},
{
"category": "external",
"summary": "SUSE Bug 1249856 for CVE-2023-53209",
"url": "https://bugzilla.suse.com/1249856"
},
{
"category": "external",
"summary": "SUSE Bug 1253191 for CVE-2023-53209",
"url": "https://bugzilla.suse.com/1253191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53209"
},
{
"cve": "CVE-2023-53210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53210"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid()\n\nr5l_flush_stripe_to_raid() will check if the list \u0027flushing_ios\u0027 is\nempty, and then submit \u0027flush_bio\u0027, however, r5l_log_flush_endio()\nis clearing the list first and then clear the bio, which will cause\nnull-ptr-deref:\n\nT1: submit flush io\nraid5d\n handle_active_stripes\n r5l_flush_stripe_to_raid\n // list is empty\n // add \u0027io_end_ios\u0027 to the list\n bio_init\n submit_bio\n // io1\n\nT2: io1 is done\nr5l_log_flush_endio\n list_splice_tail_init\n // clear the list\n\t\t\tT3: submit new flush io\n\t\t\t...\n\t\t\tr5l_flush_stripe_to_raid\n\t\t\t // list is empty\n\t\t\t // add \u0027io_end_ios\u0027 to the list\n\t\t\t bio_init\n bio_uninit\n // clear bio-\u003ebi_blkg\n\t\t\t submit_bio\n\t\t\t // null-ptr-deref\n\nFix this problem by clearing bio before clearing the list in\nr5l_log_flush_endio().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53210",
"url": "https://www.suse.com/security/cve/CVE-2023-53210"
},
{
"category": "external",
"summary": "SUSE Bug 1249673 for CVE-2023-53210",
"url": "https://bugzilla.suse.com/1249673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53210"
},
{
"cve": "CVE-2023-53215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Don\u0027t balance task to its current running CPU\n\nWe\u0027ve run into the case that the balancer tries to balance a migration\ndisabled task and trigger the warning in set_task_cpu() like below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 7 PID: 0 at kernel/sched/core.c:3115 set_task_cpu+0x188/0x240\n Modules linked in: hclgevf xt_CHECKSUM ipt_REJECT nf_reject_ipv4 \u003c...snip\u003e\n CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G O 6.1.0-rc4+ #1\n Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS 2280-V2 CS V5.B221.01 12/09/2021\n pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : set_task_cpu+0x188/0x240\n lr : load_balance+0x5d0/0xc60\n sp : ffff80000803bc70\n x29: ffff80000803bc70 x28: ffff004089e190e8 x27: ffff004089e19040\n x26: ffff007effcabc38 x25: 0000000000000000 x24: 0000000000000001\n x23: ffff80000803be84 x22: 000000000000000c x21: ffffb093e79e2a78\n x20: 000000000000000c x19: ffff004089e19040 x18: 0000000000000000\n x17: 0000000000001fad x16: 0000000000000030 x15: 0000000000000000\n x14: 0000000000000003 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000001 x10: 0000000000000400 x9 : ffffb093e4cee530\n x8 : 00000000fffffffe x7 : 0000000000ce168a x6 : 000000000000013e\n x5 : 00000000ffffffe1 x4 : 0000000000000001 x3 : 0000000000000b2a\n x2 : 0000000000000b2a x1 : ffffb093e6d6c510 x0 : 0000000000000001\n Call trace:\n set_task_cpu+0x188/0x240\n load_balance+0x5d0/0xc60\n rebalance_domains+0x26c/0x380\n _nohz_idle_balance.isra.0+0x1e0/0x370\n run_rebalance_domains+0x6c/0x80\n __do_softirq+0x128/0x3d8\n ____do_softirq+0x18/0x24\n call_on_irq_stack+0x2c/0x38\n do_softirq_own_stack+0x24/0x3c\n __irq_exit_rcu+0xcc/0xf4\n irq_exit_rcu+0x18/0x24\n el1_interrupt+0x4c/0xe4\n el1h_64_irq_handler+0x18/0x2c\n el1h_64_irq+0x74/0x78\n arch_cpu_idle+0x18/0x4c\n default_idle_call+0x58/0x194\n do_idle+0x244/0x2b0\n cpu_startup_entry+0x30/0x3c\n secondary_start_kernel+0x14c/0x190\n __secondary_switched+0xb0/0xb4\n ---[ end trace 0000000000000000 ]---\n\nFurther investigation shows that the warning is superfluous, the migration\ndisabled task is just going to be migrated to its current running CPU.\nThis is because that on load balance if the dst_cpu is not allowed by the\ntask, we\u0027ll re-select a new_dst_cpu as a candidate. If no task can be\nbalanced to dst_cpu we\u0027ll try to balance the task to the new_dst_cpu\ninstead. In this case when the migration disabled task is not on CPU it\nonly allows to run on its current CPU, load balance will select its\ncurrent CPU as new_dst_cpu and later triggers the warning above.\n\nThe new_dst_cpu is chosen from the env-\u003edst_grpmask. Currently it\ncontains CPUs in sched_group_span() and if we have overlapped groups it\u0027s\npossible to run into this case. This patch makes env-\u003edst_grpmask of\ngroup_balance_mask() which exclude any CPUs from the busiest group and\nsolve the issue. For balancing in a domain with no overlapped groups\nthe behaviour keeps same as before.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53215",
"url": "https://www.suse.com/security/cve/CVE-2023-53215"
},
{
"category": "external",
"summary": "SUSE Bug 1250397 for CVE-2023-53215",
"url": "https://bugzilla.suse.com/1250397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53215"
},
{
"cve": "CVE-2023-53217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53217"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnubus: Partially revert proc_create_single_data() conversion\n\nThe conversion to proc_create_single_data() introduced a regression\nwhereby reading a file in /proc/bus/nubus results in a seg fault:\n\n # grep -r . /proc/bus/nubus/e/\n Data read fault at 0x00000020 in Super Data (pc=0x1074c2)\n BAD KERNEL BUSERR\n Oops: 00000000\n Modules linked in:\n PC: [\u003c001074c2\u003e] PDE_DATA+0xc/0x16\n SR: 2010 SP: 38284958 a2: 01152370\n d0: 00000001 d1: 01013000 d2: 01002790 d3: 00000000\n d4: 00000001 d5: 0008ce2e a0: 00000000 a1: 00222a40\n Process grep (pid: 45, task=142f8727)\n Frame format=B ssw=074d isc=2008 isb=4e5e daddr=00000020 dobuf=01199e70\n baddr=001074c8 dibuf=ffffffff ver=f\n Stack from 01199e48:\n\t 01199e70 00222a58 01002790 00000000 011a3000 01199eb0 015000c0 00000000\n\t 00000000 01199ec0 01199ec0 000d551a 011a3000 00000001 00000000 00018000\n\t d003f000 00000003 00000001 0002800d 01052840 01199fa8 c01f8000 00000000\n\t 00000029 0b532b80 00000000 00000000 00000029 0b532b80 01199ee4 00103640\n\t 011198c0 d003f000 00018000 01199fa8 00000000 011198c0 00000000 01199f4c\n\t 000b3344 011198c0 d003f000 00018000 01199fa8 00000000 00018000 011198c0\n Call Trace: [\u003c00222a58\u003e] nubus_proc_rsrc_show+0x18/0xa0\n [\u003c000d551a\u003e] seq_read+0xc4/0x510\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c0002800d\u003e] __sys_setreuid+0x115/0x1c6\n [\u003c00103640\u003e] proc_reg_read+0x5c/0xb0\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c000b3344\u003e] __vfs_read+0x2c/0x13c\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c000b8aa2\u003e] sys_statx+0x60/0x7e\n [\u003c000b34b6\u003e] vfs_read+0x62/0x12a\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c000b39c2\u003e] ksys_read+0x48/0xbe\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c000b3a4e\u003e] sys_read+0x16/0x1a\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c00002b84\u003e] syscall+0x8/0xc\n [\u003c00018000\u003e] fp_fcos+0x2/0x82\n [\u003c0000c016\u003e] not_ext+0xa/0x18\n Code: 4e5e 4e75 4e56 0000 206e 0008 2068 ffe8 \u003c2068\u003e 0020 2008 4e5e 4e75 4e56 0000 2f0b 206e 0008 2068 0004 2668 0020 206b ffe8\n Disabling lock debugging due to kernel taint\n\n Segmentation fault\n\nThe proc_create_single_data() conversion does not work because\nsingle_open(file, nubus_proc_rsrc_show, PDE_DATA(inode)) is not\nequivalent to the original code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53217",
"url": "https://www.suse.com/security/cve/CVE-2023-53217"
},
{
"category": "external",
"summary": "SUSE Bug 1249672 for CVE-2023-53217",
"url": "https://bugzilla.suse.com/1249672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53217"
},
{
"cve": "CVE-2023-53220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: az6007: Fix null-ptr-deref in az6007_i2c_xfer()\n\nIn az6007_i2c_xfer, msg is controlled by user. When msg[i].buf\nis null and msg[i].len is zero, former checks on msg[i].buf would be\npassed. Malicious data finally reach az6007_i2c_xfer. If accessing\nmsg[i].buf[0] without sanity check, null ptr deref would happen.\nWe add check on msg[i].len to prevent crash.\n\nSimilar commit:\ncommit 0ed554fd769a\n(\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53220",
"url": "https://www.suse.com/security/cve/CVE-2023-53220"
},
{
"category": "external",
"summary": "SUSE Bug 1250337 for CVE-2023-53220",
"url": "https://bugzilla.suse.com/1250337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53220"
},
{
"cve": "CVE-2023-53221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53221"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix memleak due to fentry attach failure\n\nIf it fails to attach fentry, the allocated bpf trampoline image will be\nleft in the system. That can be verified by checking /proc/kallsyms.\n\nThis meamleak can be verified by a simple bpf program as follows:\n\n SEC(\"fentry/trap_init\")\n int fentry_run()\n {\n return 0;\n }\n\nIt will fail to attach trap_init because this function is freed after\nkernel init, and then we can find the trampoline image is left in the\nsystem by checking /proc/kallsyms.\n\n $ tail /proc/kallsyms\n ffffffffc0613000 t bpf_trampoline_6442453466_1 [bpf]\n ffffffffc06c3000 t bpf_trampoline_6442453466_1 [bpf]\n\n $ bpftool btf dump file /sys/kernel/btf/vmlinux | grep \"FUNC \u0027trap_init\u0027\"\n [2522] FUNC \u0027trap_init\u0027 type_id=119 linkage=static\n\n $ echo $((6442453466 \u0026 0x7fffffff))\n 2522\n\nNote that there are two left bpf trampoline images, that is because the\nlibbpf will fallback to raw tracepoint if -EINVAL is returned.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53221",
"url": "https://www.suse.com/security/cve/CVE-2023-53221"
},
{
"category": "external",
"summary": "SUSE Bug 1249662 for CVE-2023-53221",
"url": "https://bugzilla.suse.com/1249662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53221"
},
{
"cve": "CVE-2023-53222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: jfs_dmap: Validate db_l2nbperpage while mounting\n\nIn jfs_dmap.c at line 381, BLKTODMAP is used to get a logical block\nnumber inside dbFree(). db_l2nbperpage, which is the log2 number of\nblocks per page, is passed as an argument to BLKTODMAP which uses it\nfor shifting.\n\nSyzbot reported a shift out-of-bounds crash because db_l2nbperpage is\ntoo big. This happens because the large value is set without any\nvalidation in dbMount() at line 181.\n\nThus, make sure that db_l2nbperpage is correct while mounting.\n\nMax number of blocks per page = Page size / Min block size\n=\u003e log2(Max num_block per page) = log2(Page size / Min block size)\n\t\t\t\t= log2(Page size) - log2(Min block size)\n\n=\u003e Max db_l2nbperpage = L2PSIZE - L2MINBLOCKSIZE",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53222",
"url": "https://www.suse.com/security/cve/CVE-2023-53222"
},
{
"category": "external",
"summary": "SUSE Bug 1249864 for CVE-2023-53222",
"url": "https://bugzilla.suse.com/1249864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53222"
},
{
"cve": "CVE-2023-53226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix OOB and integer underflow when rx packets\n\nMake sure mwifiex_process_mgmt_packet,\nmwifiex_process_sta_rx_packet and mwifiex_process_uap_rx_packet,\nmwifiex_uap_queue_bridged_pkt and mwifiex_process_rx_packet\nnot out-of-bounds access the skb-\u003edata buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53226",
"url": "https://www.suse.com/security/cve/CVE-2023-53226"
},
{
"category": "external",
"summary": "SUSE Bug 1249658 for CVE-2023-53226",
"url": "https://bugzilla.suse.com/1249658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53226"
},
{
"cve": "CVE-2023-53230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix warning in cifs_smb3_do_mount()\n\nThis fixes the following warning reported by kernel test robot\n\n fs/smb/client/cifsfs.c:982 cifs_smb3_do_mount() warn: possible\n memory leak of \u0027cifs_sb\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53230",
"url": "https://www.suse.com/security/cve/CVE-2023-53230"
},
{
"category": "external",
"summary": "SUSE Bug 1249866 for CVE-2023-53230",
"url": "https://bugzilla.suse.com/1249866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53230"
},
{
"cve": "CVE-2023-53231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: Fix detection of atomic context\n\nCurrent check for atomic context is not sufficient as\nz_erofs_decompressqueue_endio can be called under rcu lock\nfrom blk_mq_flush_plug_list(). See the stacktrace [1]\n\nIn such case we should hand off the decompression work for async\nprocessing rather than trying to do sync decompression in current\ncontext. Patch fixes the detection by checking for\nrcu_read_lock_any_held() and while at it use more appropriate\n!in_task() check than in_atomic().\n\nBackground: Historically erofs would always schedule a kworker for\ndecompression which would incur the scheduling cost regardless of\nthe context. But z_erofs_decompressqueue_endio() may not always\nbe in atomic context and we could actually benefit from doing the\ndecompression in z_erofs_decompressqueue_endio() if we are in\nthread context, for example when running with dm-verity.\nThis optimization was later added in patch [2] which has shown\nimprovement in performance benchmarks.\n\n==============================================\n[1] Problem stacktrace\n[name:core\u0026]BUG: sleeping function called from invalid context at kernel/locking/mutex.c:291\n[name:core\u0026]in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1615, name: CpuMonitorServi\n[name:core\u0026]preempt_count: 0, expected: 0\n[name:core\u0026]RCU nest depth: 1, expected: 0\nCPU: 7 PID: 1615 Comm: CpuMonitorServi Tainted: G S W OE 6.1.25-android14-5-maybe-dirty-mainline #1\nHardware name: MT6897 (DT)\nCall trace:\n dump_backtrace+0x108/0x15c\n show_stack+0x20/0x30\n dump_stack_lvl+0x6c/0x8c\n dump_stack+0x20/0x48\n __might_resched+0x1fc/0x308\n __might_sleep+0x50/0x88\n mutex_lock+0x2c/0x110\n z_erofs_decompress_queue+0x11c/0xc10\n z_erofs_decompress_kickoff+0x110/0x1a4\n z_erofs_decompressqueue_endio+0x154/0x180\n bio_endio+0x1b0/0x1d8\n __dm_io_complete+0x22c/0x280\n clone_endio+0xe4/0x280\n bio_endio+0x1b0/0x1d8\n blk_update_request+0x138/0x3a4\n blk_mq_plug_issue_direct+0xd4/0x19c\n blk_mq_flush_plug_list+0x2b0/0x354\n __blk_flush_plug+0x110/0x160\n blk_finish_plug+0x30/0x4c\n read_pages+0x2fc/0x370\n page_cache_ra_unbounded+0xa4/0x23c\n page_cache_ra_order+0x290/0x320\n do_sync_mmap_readahead+0x108/0x2c0\n filemap_fault+0x19c/0x52c\n __do_fault+0xc4/0x114\n handle_mm_fault+0x5b4/0x1168\n do_page_fault+0x338/0x4b4\n do_translation_fault+0x40/0x60\n do_mem_abort+0x60/0xc8\n el0_da+0x4c/0xe0\n el0t_64_sync_handler+0xd4/0xfc\n el0t_64_sync+0x1a0/0x1a4\n\n[2] Link: https://lore.kernel.org/all/20210317035448.13921-1-huangjianan@oppo.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53231",
"url": "https://www.suse.com/security/cve/CVE-2023-53231"
},
{
"category": "external",
"summary": "SUSE Bug 1249787 for CVE-2023-53231",
"url": "https://bugzilla.suse.com/1249787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53231"
},
{
"cve": "CVE-2023-53235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53235"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tests: helpers: Avoid a driver uaf\n\nwhen using __drm_kunit_helper_alloc_drm_device() the driver may be\ndereferenced by device-managed resources up until the device is\nfreed, which is typically later than the kunit-managed resource code\nfrees it. Fix this by simply make the driver device-managed as well.\n\nIn short, the sequence leading to the UAF is as follows:\n\nINIT:\nCode allocates a struct device as a kunit-managed resource.\nCode allocates a drm driver as a kunit-managed resource.\nCode allocates a drm device as a device-managed resource.\n\nEXIT:\nKunit resource cleanup frees the drm driver\nKunit resource cleanup puts the struct device, which starts a\n device-managed resource cleanup\ndevice-managed cleanup calls drm_dev_put()\ndrm_dev_put() dereferences the (now freed) drm driver -\u003e Boom.\n\nRelated KASAN message:\n[55272.551542] ==================================================================\n[55272.551551] BUG: KASAN: slab-use-after-free in drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551603] Read of size 8 at addr ffff888127502828 by task kunit_try_catch/10353\n\n[55272.551612] CPU: 4 PID: 10353 Comm: kunit_try_catch Tainted: G U N 6.5.0-rc7+ #155\n[55272.551620] Hardware name: ASUS System Product Name/PRIME B560M-A AC, BIOS 0403 01/26/2021\n[55272.551626] Call Trace:\n[55272.551629] \u003cTASK\u003e\n[55272.551633] dump_stack_lvl+0x57/0x90\n[55272.551639] print_report+0xcf/0x630\n[55272.551645] ? _raw_spin_lock_irqsave+0x5f/0x70\n[55272.551652] ? drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551694] kasan_report+0xd7/0x110\n[55272.551699] ? drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551742] drm_dev_put.part.0+0xd4/0xe0 [drm]\n[55272.551783] devres_release_all+0x15d/0x1f0\n[55272.551790] ? __pfx_devres_release_all+0x10/0x10\n[55272.551797] device_unbind_cleanup+0x16/0x1a0\n[55272.551802] device_release_driver_internal+0x3e5/0x540\n[55272.551808] ? kobject_put+0x5d/0x4b0\n[55272.551814] bus_remove_device+0x1f1/0x3f0\n[55272.551819] device_del+0x342/0x910\n[55272.551826] ? __pfx_device_del+0x10/0x10\n[55272.551830] ? lock_release+0x339/0x5e0\n[55272.551836] ? kunit_remove_resource+0x128/0x290 [kunit]\n[55272.551845] ? __pfx_lock_release+0x10/0x10\n[55272.551851] platform_device_del.part.0+0x1f/0x1e0\n[55272.551856] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[55272.551863] kunit_remove_resource+0x195/0x290 [kunit]\n[55272.551871] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[55272.551877] kunit_cleanup+0x78/0x120 [kunit]\n[55272.551885] ? __kthread_parkme+0xc1/0x1f0\n[55272.551891] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [kunit]\n[55272.551900] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [kunit]\n[55272.551909] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit]\n[55272.551919] kthread+0x2e7/0x3c0\n[55272.551924] ? __pfx_kthread+0x10/0x10\n[55272.551929] ret_from_fork+0x2d/0x70\n[55272.551935] ? __pfx_kthread+0x10/0x10\n[55272.551940] ret_from_fork_asm+0x1b/0x30\n[55272.551948] \u003c/TASK\u003e\n\n[55272.551953] Allocated by task 10351:\n[55272.551956] kasan_save_stack+0x1c/0x40\n[55272.551962] kasan_set_track+0x21/0x30\n[55272.551966] __kasan_kmalloc+0x8b/0x90\n[55272.551970] __kmalloc+0x5e/0x160\n[55272.551976] kunit_kmalloc_array+0x1c/0x50 [kunit]\n[55272.551984] drm_exec_test_init+0xfa/0x2c0 [drm_exec_test]\n[55272.551991] kunit_try_run_case+0xdd/0x250 [kunit]\n[55272.551999] kunit_generic_run_threadfn_adapter+0x4a/0x90 [kunit]\n[55272.552008] kthread+0x2e7/0x3c0\n[55272.552012] ret_from_fork+0x2d/0x70\n[55272.552017] ret_from_fork_asm+0x1b/0x30\n\n[55272.552024] Freed by task 10353:\n[55272.552027] kasan_save_stack+0x1c/0x40\n[55272.552032] kasan_set_track+0x21/0x30\n[55272.552036] kasan_save_free_info+0x27/0x40\n[55272.552041] __kasan_slab_free+0x106/0x180\n[55272.552046] slab_free_freelist_hook+0xb3/0x160\n[55272.552051] __kmem_cache_free+0xb2/0x290\n[55272.552056] kunit_remove_resource+0x195/0x290 [kunit]\n[55272.552064] kunit_cleanup+0x7\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53235",
"url": "https://www.suse.com/security/cve/CVE-2023-53235"
},
{
"category": "external",
"summary": "SUSE Bug 1249785 for CVE-2023-53235",
"url": "https://bugzilla.suse.com/1249785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53235"
},
{
"cve": "CVE-2023-53238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()\n\nThe size of array \u0027priv-\u003eports[]\u0027 is INNO_PHY_PORT_NUM.\n\nIn the for loop, \u0027i\u0027 is used as the index for array \u0027priv-\u003eports[]\u0027\nwith a check (i \u003e INNO_PHY_PORT_NUM) which indicates that\nINNO_PHY_PORT_NUM is allowed value for \u0027i\u0027 in the same loop.\n\nThis \u003e comparison needs to be changed to \u003e=, otherwise it potentially leads\nto an out of bounds write on the next iteration through the loop",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53238",
"url": "https://www.suse.com/security/cve/CVE-2023-53238"
},
{
"category": "external",
"summary": "SUSE Bug 1249707 for CVE-2023-53238",
"url": "https://bugzilla.suse.com/1249707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53238"
},
{
"cve": "CVE-2023-53243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: add handling for RAID1C23/DUP to btrfs_reduce_alloc_profile\n\nCallers of `btrfs_reduce_alloc_profile` expect it to return exactly\none allocation profile flag, and failing to do so may ultimately\nresult in a WARN_ON and remount-ro when allocating new blocks, like\nthe below transaction abort on 6.1.\n\n`btrfs_reduce_alloc_profile` has two ways of determining the profile,\nfirst it checks if a conversion balance is currently running and\nuses the profile we\u0027re converting to. If no balance is currently\nrunning, it returns the max-redundancy profile which at least one\nblock in the selected block group has.\n\nThis works by simply checking each known allocation profile bit in\nredundancy order. However, `btrfs_reduce_alloc_profile` has not been\nupdated as new flags have been added - first with the `DUP` profile\nand later with the RAID1C34 profiles.\n\nBecause of the way it checks, if we have blocks with different\nprofiles and at least one is known, that profile will be selected.\nHowever, if none are known we may return a flag set with multiple\nallocation profiles set.\n\nThis is currently only possible when a balance from one of the three\nunhandled profiles to another of the unhandled profiles is canceled\nafter allocating at least one block using the new profile.\n\nIn that case, a transaction abort like the below will occur and the\nfilesystem will need to be mounted with -o skip_balance to get it\nmounted rw again (but the balance cannot be resumed without a\nsimilar abort).\n\n [770.648] ------------[ cut here ]------------\n [770.648] BTRFS: Transaction aborted (error -22)\n [770.648] WARNING: CPU: 43 PID: 1159593 at fs/btrfs/extent-tree.c:4122 find_free_extent+0x1d94/0x1e00 [btrfs]\n [770.648] CPU: 43 PID: 1159593 Comm: btrfs Tainted: G W 6.1.0-0.deb11.7-powerpc64le #1 Debian 6.1.20-2~bpo11+1a~test\n [770.648] Hardware name: T2P9D01 REV 1.00 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV\n [770.648] NIP: c00800000f6784fc LR: c00800000f6784f8 CTR: c000000000d746c0\n [770.648] REGS: c000200089afe9a0 TRAP: 0700 Tainted: G W (6.1.0-0.deb11.7-powerpc64le Debian 6.1.20-2~bpo11+1a~test)\n [770.648] MSR: 9000000002029033 \u003cSF,HV,VEC,EE,ME,IR,DR,RI,LE\u003e CR: 28848282 XER: 20040000\n [770.648] CFAR: c000000000135110 IRQMASK: 0\n\t GPR00: c00800000f6784f8 c000200089afec40 c00800000f7ea800 0000000000000026\n\t GPR04: 00000001004820c2 c000200089afea00 c000200089afe9f8 0000000000000027\n\t GPR08: c000200ffbfe7f98 c000000002127f90 ffffffffffffffd8 0000000026d6a6e8\n\t GPR12: 0000000028848282 c000200fff7f3800 5deadbeef0000122 c00000002269d000\n\t GPR16: c0002008c7797c40 c000200089afef17 0000000000000000 0000000000000000\n\t GPR20: 0000000000000000 0000000000000001 c000200008bc5a98 0000000000000001\n\t GPR24: 0000000000000000 c0000003c73088d0 c000200089afef17 c000000016d3a800\n\t GPR28: c0000003c7308800 c00000002269d000 ffffffffffffffea 0000000000000001\n [770.648] NIP [c00800000f6784fc] find_free_extent+0x1d94/0x1e00 [btrfs]\n [770.648] LR [c00800000f6784f8] find_free_extent+0x1d90/0x1e00 [btrfs]\n [770.648] Call Trace:\n [770.648] [c000200089afec40] [c00800000f6784f8] find_free_extent+0x1d90/0x1e00 [btrfs] (unreliable)\n [770.648] [c000200089afed30] [c00800000f681398] btrfs_reserve_extent+0x1a0/0x2f0 [btrfs]\n [770.648] [c000200089afeea0] [c00800000f681bf0] btrfs_alloc_tree_block+0x108/0x670 [btrfs]\n [770.648] [c000200089afeff0] [c00800000f66bd68] __btrfs_cow_block+0x170/0x850 [btrfs]\n [770.648] [c000200089aff100] [c00800000f66c58c] btrfs_cow_block+0x144/0x288 [btrfs]\n [770.648] [c000200089aff1b0] [c00800000f67113c] btrfs_search_slot+0x6b4/0xcb0 [btrfs]\n [770.648] [c000200089aff2a0] [c00800000f679f60] lookup_inline_extent_backref+0x128/0x7c0 [btrfs]\n [770.648] [c000200089aff3b0] [c00800000f67b338] lookup_extent_backref+0x70/0x190 [btrfs]\n [770.648] [c000200089aff470] [c00800000f67b54c] __btrfs_free_extent+0xf4/0x1490 [btrfs]\n [770.648] [\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53243",
"url": "https://www.suse.com/security/cve/CVE-2023-53243"
},
{
"category": "external",
"summary": "SUSE Bug 1249640 for CVE-2023-53243",
"url": "https://bugzilla.suse.com/1249640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53243"
},
{
"cve": "CVE-2023-53245",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53245"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: storvsc: Fix handling of virtual Fibre Channel timeouts\n\nHyper-V provides the ability to connect Fibre Channel LUNs to the host\nsystem and present them in a guest VM as a SCSI device. I/O to the vFC\ndevice is handled by the storvsc driver. The storvsc driver includes a\npartial integration with the FC transport implemented in the generic\nportion of the Linux SCSI subsystem so that FC attributes can be displayed\nin /sys. However, the partial integration means that some aspects of vFC\ndon\u0027t work properly. Unfortunately, a full and correct integration isn\u0027t\npractical because of limitations in what Hyper-V provides to the guest.\n\nIn particular, in the context of Hyper-V storvsc, the FC transport timeout\nfunction fc_eh_timed_out() causes a kernel panic because it can\u0027t find the\nrport and dereferences a NULL pointer. The original patch that added the\ncall from storvsc_eh_timed_out() to fc_eh_timed_out() is faulty in this\nregard.\n\nIn many cases a timeout is due to a transient condition, so the situation\ncan be improved by just continuing to wait like with other I/O requests\nissued by storvsc, and avoiding the guaranteed panic. For a permanent\nfailure, continuing to wait may result in a hung thread instead of a panic,\nwhich again may be better.\n\nSo fix the panic by removing the storvsc call to fc_eh_timed_out(). This\nallows storvsc to keep waiting for a response. The change has been tested\nby users who experienced a panic in fc_eh_timed_out() due to transient\ntimeouts, and it solves their problem.\n\nIn the future we may want to deprecate the vFC functionality in storvsc\nsince it can\u0027t be fully fixed. But it has current users for whom it is\nworking well enough, so it should probably stay for a while longer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53245",
"url": "https://www.suse.com/security/cve/CVE-2023-53245"
},
{
"category": "external",
"summary": "SUSE Bug 1249641 for CVE-2023-53245",
"url": "https://bugzilla.suse.com/1249641"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53245"
},
{
"cve": "CVE-2023-53247",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53247"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand\n\nWhile trying to get the subpage blocksize tests running, I hit the\nfollowing panic on generic/476\n\n assertion failed: PagePrivate(page) \u0026\u0026 page-\u003eprivate, in fs/btrfs/subpage.c:229\n kernel BUG at fs/btrfs/subpage.c:229!\n Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n CPU: 1 PID: 1453 Comm: fsstress Not tainted 6.4.0-rc7+ #12\n Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20230301gitf80f052277c8-26.fc38 03/01/2023\n pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n pc : btrfs_subpage_assert+0xbc/0xf0\n lr : btrfs_subpage_assert+0xbc/0xf0\n Call trace:\n btrfs_subpage_assert+0xbc/0xf0\n btrfs_subpage_clear_checked+0x38/0xc0\n btrfs_page_clear_checked+0x48/0x98\n btrfs_truncate_block+0x5d0/0x6a8\n btrfs_cont_expand+0x5c/0x528\n btrfs_write_check.isra.0+0xf8/0x150\n btrfs_buffered_write+0xb4/0x760\n btrfs_do_write_iter+0x2f8/0x4b0\n btrfs_file_write_iter+0x1c/0x30\n do_iter_readv_writev+0xc8/0x158\n do_iter_write+0x9c/0x210\n vfs_iter_write+0x24/0x40\n iter_file_splice_write+0x224/0x390\n direct_splice_actor+0x38/0x68\n splice_direct_to_actor+0x12c/0x260\n do_splice_direct+0x90/0xe8\n generic_copy_file_range+0x50/0x90\n vfs_copy_file_range+0x29c/0x470\n __arm64_sys_copy_file_range+0xcc/0x498\n invoke_syscall.constprop.0+0x80/0xd8\n do_el0_svc+0x6c/0x168\n el0_svc+0x50/0x1b0\n el0t_64_sync_handler+0x114/0x120\n el0t_64_sync+0x194/0x198\n\nThis happens because during btrfs_cont_expand we\u0027ll get a page, set it\nas mapped, and if it\u0027s not Uptodate we\u0027ll read it. However between the\nread and re-locking the page we could have called release_folio() on the\npage, but left the page in the file mapping. release_folio() can clear\nthe page private, and thus further down we blow up when we go to modify\nthe subpage bits.\n\nFix this by putting the set_page_extent_mapped() after the read. This\nis safe because read_folio() will call set_page_extent_mapped() before\nit does the read, and then if we clear page private but leave it on the\nmapping we\u0027re completely safe re-setting set_page_extent_mapped(). With\nthis patch I can now run generic/476 without panicing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53247",
"url": "https://www.suse.com/security/cve/CVE-2023-53247"
},
{
"category": "external",
"summary": "SUSE Bug 1249870 for CVE-2023-53247",
"url": "https://bugzilla.suse.com/1249870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53247"
},
{
"cve": "CVE-2023-53248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53248"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: install stub fence into potential unused fence pointers\n\nWhen using cpu to update page tables, vm update fences are unused.\nInstall stub fence into these fence pointers instead of NULL\nto avoid NULL dereference when calling dma_fence_wait() on them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53248",
"url": "https://www.suse.com/security/cve/CVE-2023-53248"
},
{
"category": "external",
"summary": "SUSE Bug 1249779 for CVE-2023-53248",
"url": "https://bugzilla.suse.com/1249779"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53248"
},
{
"cve": "CVE-2023-53249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53249"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe\n\nUse devm_of_iomap() instead of of_iomap() to automatically handle\nthe unused ioremap region.\n\nIf any error occurs, regions allocated by kzalloc() will leak,\nbut using devm_kzalloc() instead will automatically free the memory\nusing devm_kfree().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53249",
"url": "https://www.suse.com/security/cve/CVE-2023-53249"
},
{
"category": "external",
"summary": "SUSE Bug 1249642 for CVE-2023-53249",
"url": "https://bugzilla.suse.com/1249642"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53249"
},
{
"cve": "CVE-2023-53251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53251"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler()\n\nrxq can be NULL only when trans_pcie-\u003erxq is NULL and entry-\u003eentry\nis zero. For the case when entry-\u003eentry is not equal to 0, rxq\nwon\u0027t be NULL even if trans_pcie-\u003erxq is NULL. Modify checker to\ncheck for trans_pcie-\u003erxq.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53251",
"url": "https://www.suse.com/security/cve/CVE-2023-53251"
},
{
"category": "external",
"summary": "SUSE Bug 1249730 for CVE-2023-53251",
"url": "https://bugzilla.suse.com/1249730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53251"
},
{
"cve": "CVE-2023-53252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53252"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: use RCU for hci_conn_params and iterate safely in hci_sync\n\nhci_update_accept_list_sync iterates over hdev-\u003epend_le_conns and\nhdev-\u003epend_le_reports, and waits for controller events in the loop body,\nwithout holding hdev lock.\n\nMeanwhile, these lists and the items may be modified e.g. by\nle_scan_cleanup. This can invalidate the list cursor or any other item\nin the list, resulting to invalid behavior (eg use-after-free).\n\nUse RCU for the hci_conn_params action lists. Since the loop bodies in\nhci_sync block and we cannot use RCU or hdev-\u003elock for the whole loop,\ncopy list items first and then iterate on the copy. Only the flags field\nis written from elsewhere, so READ_ONCE/WRITE_ONCE should guarantee we\nread valid values.\n\nFree params everywhere with hci_conn_params_free so the cleanup is\nguaranteed to be done properly.\n\nThis fixes the following, which can be triggered e.g. by BlueZ new\nmgmt-tester case \"Add + Remove Device Nowait - Success\", or by changing\nhci_le_set_cig_params to always return false, and running iso-tester:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841)\nRead of size 8 at addr ffff888001265018 by task kworker/u3:0/32\n\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl (./arch/x86/include/asm/irqflags.h:134 lib/dump_stack.c:107)\nprint_report (mm/kasan/report.c:320 mm/kasan/report.c:430)\n? __virt_addr_valid (./include/linux/mmzone.h:1915 ./include/linux/mmzone.h:2011 arch/x86/mm/physaddr.c:65)\n? hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841)\nkasan_report (mm/kasan/report.c:538)\n? hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841)\nhci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2536 net/bluetooth/hci_sync.c:2723 net/bluetooth/hci_sync.c:2841)\n? __pfx_hci_update_passive_scan_sync (net/bluetooth/hci_sync.c:2780)\n? mutex_lock (kernel/locking/mutex.c:282)\n? __pfx_mutex_lock (kernel/locking/mutex.c:282)\n? __pfx_mutex_unlock (kernel/locking/mutex.c:538)\n? __pfx_update_passive_scan_sync (net/bluetooth/hci_sync.c:2861)\nhci_cmd_sync_work (net/bluetooth/hci_sync.c:306)\nprocess_one_work (./arch/x86/include/asm/preempt.h:27 kernel/workqueue.c:2399)\nworker_thread (./include/linux/list.h:292 kernel/workqueue.c:2538)\n? __pfx_worker_thread (kernel/workqueue.c:2480)\nkthread (kernel/kthread.c:376)\n? __pfx_kthread (kernel/kthread.c:331)\nret_from_fork (arch/x86/entry/entry_64.S:314)\n\u003c/TASK\u003e\n\nAllocated by task 31:\nkasan_save_stack (mm/kasan/common.c:46)\nkasan_set_track (mm/kasan/common.c:52)\n__kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383)\nhci_conn_params_add (./include/linux/slab.h:580 ./include/linux/slab.h:720 net/bluetooth/hci_core.c:2277)\nhci_connect_le_scan (net/bluetooth/hci_conn.c:1419 net/bluetooth/hci_conn.c:1589)\nhci_connect_cis (net/bluetooth/hci_conn.c:2266)\niso_connect_cis (net/bluetooth/iso.c:390)\niso_sock_connect (net/bluetooth/iso.c:899)\n__sys_connect (net/socket.c:2003 net/socket.c:2020)\n__x64_sys_connect (net/socket.c:2027)\ndo_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\n\nFreed by task 15:\nkasan_save_stack (mm/kasan/common.c:46)\nkasan_set_track (mm/kasan/common.c:52)\nkasan_save_free_info (mm/kasan/generic.c:523)\n__kasan_slab_free (mm/kasan/common.c:238 mm/kasan/common.c:200 mm/kasan/common.c:244)\n__kmem_cache_free (mm/slub.c:1807 mm/slub.c:3787 mm/slub.c:3800)\nhci_conn_params_del (net/bluetooth/hci_core.c:2323)\nle_scan_cleanup (net/bluetooth/hci_conn.c:202)\nprocess_one_work (./arch/x86/include/asm/preempt.\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53252",
"url": "https://www.suse.com/security/cve/CVE-2023-53252"
},
{
"category": "external",
"summary": "SUSE Bug 1249756 for CVE-2023-53252",
"url": "https://bugzilla.suse.com/1249756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53252"
},
{
"cve": "CVE-2023-53255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool()\n\nsvc_create_memory_pool() is only called from stratix10_svc_drv_probe().\nMost of resources in the probe are managed, but not this memremap() call.\n\nThere is also no memunmap() call in the file.\n\nSo switch to devm_memremap() to avoid a resource leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53255",
"url": "https://www.suse.com/security/cve/CVE-2023-53255"
},
{
"category": "external",
"summary": "SUSE Bug 1249762 for CVE-2023-53255",
"url": "https://bugzilla.suse.com/1249762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53255"
},
{
"cve": "CVE-2023-53257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53257"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check S1G action frame size\n\nBefore checking the action code, check that it even\nexists in the frame.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53257",
"url": "https://www.suse.com/security/cve/CVE-2023-53257"
},
{
"category": "external",
"summary": "SUSE Bug 1249869 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1249869"
},
{
"category": "external",
"summary": "SUSE Bug 1250730 for CVE-2023-53257",
"url": "https://bugzilla.suse.com/1250730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53257"
},
{
"cve": "CVE-2023-53258",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53258"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix possible underflow for displays with large vblank\n\n[Why]\nUnderflow observed when using a display with a large vblank region\nand low refresh rate\n\n[How]\nSimplify calculation of vblank_nom\n\nIncrease value for VBlankNomDefaultUS to 800us",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53258",
"url": "https://www.suse.com/security/cve/CVE-2023-53258"
},
{
"category": "external",
"summary": "SUSE Bug 1249780 for CVE-2023-53258",
"url": "https://bugzilla.suse.com/1249780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53258"
},
{
"cve": "CVE-2023-53260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53260"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix null pointer dereference in ovl_permission()\n\nFollowing process:\n P1 P2\n path_lookupat\n link_path_walk\n inode_permission\n ovl_permission\n ovl_i_path_real(inode, \u0026realpath)\n path-\u003edentry = ovl_i_dentry_upper(inode)\n drop_cache\n\t\t\t __dentry_kill(ovl_dentry)\n\t\t iput(ovl_inode)\n\t\t ovl_destroy_inode(ovl_inode)\n\t\t dput(oi-\u003e__upperdentry)\n\t\t dentry_kill(upperdentry)\n\t\t dentry_unlink_inode\n\t\t\t\t upperdentry-\u003ed_inode = NULL\n realinode = d_inode(realpath.dentry) // return NULL\n inode_permission(realinode)\n inode-\u003ei_sb // NULL pointer dereference\n, will trigger an null pointer dereference at realinode:\n [ 335.664979] BUG: kernel NULL pointer dereference,\n address: 0000000000000002\n [ 335.668032] CPU: 0 PID: 2592 Comm: ls Not tainted 6.3.0\n [ 335.669956] RIP: 0010:inode_permission+0x33/0x2c0\n [ 335.678939] Call Trace:\n [ 335.679165] \u003cTASK\u003e\n [ 335.679371] ovl_permission+0xde/0x320\n [ 335.679723] inode_permission+0x15e/0x2c0\n [ 335.680090] link_path_walk+0x115/0x550\n [ 335.680771] path_lookupat.isra.0+0xb2/0x200\n [ 335.681170] filename_lookup+0xda/0x240\n [ 335.681922] vfs_statx+0xa6/0x1f0\n [ 335.682233] vfs_fstatat+0x7b/0xb0\n\nFetch a reproducer in [Link].\n\nUse the helper ovl_i_path_realinode() to get realinode and then do\nnon-nullptr checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53260",
"url": "https://www.suse.com/security/cve/CVE-2023-53260"
},
{
"category": "external",
"summary": "SUSE Bug 1249768 for CVE-2023-53260",
"url": "https://bugzilla.suse.com/1249768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53260"
},
{
"cve": "CVE-2023-53263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53263"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create\n\nWe can\u0027t simply free the connector after calling drm_connector_init on it.\nWe need to clean up the drm side first.\n\nIt might not fix all regressions from commit 2b5d1c29f6c4\n(\"drm/nouveau/disp: PIOR DP uses GPIO for HPD, not PMGR AUX interrupts\"),\nbut at least it fixes a memory corruption in error handling related to\nthat commit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53263",
"url": "https://www.suse.com/security/cve/CVE-2023-53263"
},
{
"category": "external",
"summary": "SUSE Bug 1249861 for CVE-2023-53263",
"url": "https://bugzilla.suse.com/1249861"
},
{
"category": "external",
"summary": "SUSE Bug 1253190 for CVE-2023-53263",
"url": "https://bugzilla.suse.com/1253190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53263"
},
{
"cve": "CVE-2023-53264",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53264"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe\n\nUse devm_of_iomap() instead of of_iomap() to automatically\nhandle the unused ioremap region. If any error occurs, regions allocated by\nkzalloc() will leak, but using devm_kzalloc() instead will automatically\nfree the memory using devm_kfree().\n\nAlso, fix error handling of hws by adding unregister_hws label, which\nunregisters remaining hws when iomap failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53264",
"url": "https://www.suse.com/security/cve/CVE-2023-53264"
},
{
"category": "external",
"summary": "SUSE Bug 1249795 for CVE-2023-53264",
"url": "https://bugzilla.suse.com/1249795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53264"
},
{
"cve": "CVE-2023-53272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: fix shift-out-of-bounds in exponential backoff\n\nThe ENA adapters on our instances occasionally reset. Once recently\nlogged a UBSAN failure to console in the process:\n\n UBSAN: shift-out-of-bounds in build/linux/drivers/net/ethernet/amazon/ena/ena_com.c:540:13\n shift exponent 32 is too large for 32-bit type \u0027unsigned int\u0027\n CPU: 28 PID: 70012 Comm: kworker/u72:2 Kdump: loaded not tainted 5.15.117\n Hardware name: Amazon EC2 c5d.9xlarge/, BIOS 1.0 10/16/2017\n Workqueue: ena ena_fw_reset_device [ena]\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x4a/0x63\n dump_stack+0x10/0x16\n ubsan_epilogue+0x9/0x36\n __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e\n ? __const_udelay+0x43/0x50\n ena_delay_exponential_backoff_us.cold+0x16/0x1e [ena]\n wait_for_reset_state+0x54/0xa0 [ena]\n ena_com_dev_reset+0xc8/0x110 [ena]\n ena_down+0x3fe/0x480 [ena]\n ena_destroy_device+0xeb/0xf0 [ena]\n ena_fw_reset_device+0x30/0x50 [ena]\n process_one_work+0x22b/0x3d0\n worker_thread+0x4d/0x3f0\n ? process_one_work+0x3d0/0x3d0\n kthread+0x12a/0x150\n ? set_kthread_struct+0x50/0x50\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nApparently, the reset delays are getting so large they can trigger a\nUBSAN panic.\n\nLooking at the code, the current timeout is capped at 5000us. Using a\nbase value of 100us, the current code will overflow after (1\u003c\u003c29). Even\nat values before 32, this function wraps around, perhaps\nunintentionally.\n\nCap the value of the exponent used for this backoff at (1\u003c\u003c16) which is\nlarger than currently necessary, but large enough to support bigger\nvalues in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53272",
"url": "https://www.suse.com/security/cve/CVE-2023-53272"
},
{
"category": "external",
"summary": "SUSE Bug 1249917 for CVE-2023-53272",
"url": "https://bugzilla.suse.com/1249917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53272"
},
{
"cve": "CVE-2023-53274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: mt8183: Add back SSPM related clocks\n\nThis reverts commit 860690a93ef23b567f781c1b631623e27190f101.\n\nOn the MT8183, the SSPM related clocks were removed claiming a lack of\nusage. This however causes some issues when the driver was converted to\nthe new simple-probe mechanism. This mechanism allocates enough space\nfor all the clocks defined in the clock driver, not the highest index\nin the DT binding. This leads to out-of-bound writes if their are holes\nin the DT binding or the driver (due to deprecated or unimplemented\nclocks). These errors can go unnoticed and cause memory corruption,\nleading to crashes in unrelated areas, or nothing at all. KASAN will\ndetect them.\n\nAdd the SSPM related clocks back to the MT8183 clock driver to fully\nimplement the DT binding. The SSPM clocks are for the power management\nco-processor, and should never be turned off. They are marked as such.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53274",
"url": "https://www.suse.com/security/cve/CVE-2023-53274"
},
{
"category": "external",
"summary": "SUSE Bug 1249919 for CVE-2023-53274",
"url": "https://bugzilla.suse.com/1249919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53274"
},
{
"cve": "CVE-2023-53275",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53275"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()\n\nThe variable codec-\u003eregmap is often protected by the lock\ncodec-\u003eregmap_lock when is accessed. However, it is accessed without\nholding the lock when is accessed in snd_hdac_regmap_sync():\n\n if (codec-\u003eregmap)\n\nIn my opinion, this may be a harmful race, because if codec-\u003eregmap is\nset to NULL right after the condition is checked, a null-pointer\ndereference can occur in the called function regcache_sync():\n\n map-\u003elock(map-\u003elock_arg); --\u003e Line 360 in drivers/base/regmap/regcache.c\n\nTo fix this possible null-pointer dereference caused by data race, the\nmutex_lock coverage is extended to protect the if statement as well as the\nfunction call to regcache_sync().\n\n[ Note: the lack of the regmap_lock itself is harmless for the current\n codec driver implementations, as snd_hdac_regmap_sync() is only for\n PM runtime resume that is prohibited during the codec probe.\n But the change makes the whole code more consistent, so it\u0027s merged\n as is -- tiwai ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53275",
"url": "https://www.suse.com/security/cve/CVE-2023-53275"
},
{
"category": "external",
"summary": "SUSE Bug 1250459 for CVE-2023-53275",
"url": "https://bugzilla.suse.com/1250459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53275"
},
{
"cve": "CVE-2023-53280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53280"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Remove unused nvme_ls_waitq wait queue\n\nSystem crash when qla2x00_start_sp(sp) returns error code EGAIN and wake_up\ngets called for uninitialized wait queue sp-\u003envme_ls_waitq.\n\n qla2xxx [0000:37:00.1]-2121:5: Returning existing qpair of ffff8ae2c0513400 for idx=0\n qla2xxx [0000:37:00.1]-700e:5: qla2x00_start_sp failed = 11\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP NOPTI\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]\n RIP: 0010:__wake_up_common+0x4c/0x190\n RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086\n RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320\n RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8\n R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20\n R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n __wake_up_common_lock+0x7c/0xc0\n qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]\n ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]\n ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]\n ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]\n\nRemove unused nvme_ls_waitq wait queue. nvme_ls_waitq logic was removed\npreviously in the commits tagged Fixed: below.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53280",
"url": "https://www.suse.com/security/cve/CVE-2023-53280"
},
{
"category": "external",
"summary": "SUSE Bug 1249938 for CVE-2023-53280",
"url": "https://bugzilla.suse.com/1249938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53280"
},
{
"cve": "CVE-2023-53286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53286"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Return the firmware result upon destroying QP/RQ\n\nPreviously when destroying a QP/RQ, the result of the firmware\ndestruction function was ignored and upper layers weren\u0027t informed\nabout the failure.\nWhich in turn could lead to various problems since when upper layer\nisn\u0027t aware of the failure it continues its operation thinking that the\nrelated QP/RQ was successfully destroyed while it actually wasn\u0027t,\nwhich could lead to the below kernel WARN.\n\nCurrently, we return the correct firmware destruction status to upper\nlayers which in case of the RQ would be mlx5_ib_destroy_wq() which\nwas already capable of handling RQ destruction failure or in case of\na QP to destroy_qp_common(), which now would actually warn upon qp\ndestruction failure.\n\nWARNING: CPU: 3 PID: 995 at drivers/infiniband/core/rdma_core.c:940 uverbs_destroy_ufile_hw+0xcb/0xe0 [ib_uverbs]\nModules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_umad ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core overlay mlx5_core fuse\nCPU: 3 PID: 995 Comm: python3 Not tainted 5.16.0-rc5+ #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:uverbs_destroy_ufile_hw+0xcb/0xe0 [ib_uverbs]\nCode: 41 5c 41 5d 41 5e e9 44 34 f0 e0 48 89 df e8 4c 77 ff ff 49 8b 86 10 01 00 00 48 85 c0 74 a1 4c 89 e7 ff d0 eb 9a 0f 0b eb c1 \u003c0f\u003e 0b be 04 00 00 00 48 89 df e8 b6 f6 ff ff e9 75 ff ff ff 90 0f\nRSP: 0018:ffff8881533e3e78 EFLAGS: 00010287\nRAX: ffff88811b2cf3e0 RBX: ffff888106209700 RCX: 0000000000000000\nRDX: ffff888106209780 RSI: ffff8881533e3d30 RDI: ffff888109b101a0\nRBP: 0000000000000001 R08: ffff888127cb381c R09: 0de9890000000009\nR10: ffff888127cb3800 R11: 0000000000000000 R12: ffff888106209780\nR13: ffff888106209750 R14: ffff888100f20660 R15: 0000000000000000\nFS: 00007f8be353b740(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8bd5b117c0 CR3: 000000012cd8a004 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ib_uverbs_close+0x1a/0x90 [ib_uverbs]\n __fput+0x82/0x230\n task_work_run+0x59/0x90\n exit_to_user_mode_prepare+0x138/0x140\n syscall_exit_to_user_mode+0x1d/0x50\n ? __x64_sys_close+0xe/0x40\n do_syscall_64+0x4a/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f8be3ae0abb\nCode: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 83 43 f9 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 c1 43 f9 ff 8b 44\nRSP: 002b:00007ffdb51909c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: 0000000000000000 RBX: 0000557bb7f7c020 RCX: 00007f8be3ae0abb\nRDX: 0000557bb7c74010 RSI: 0000557bb7f14ca0 RDI: 0000000000000005\nRBP: 0000557bb7fbd598 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000293 R12: 0000557bb7fbd5b8\nR13: 0000557bb7fbd5a8 R14: 0000000000001000 R15: 0000557bb7f7c020\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53286",
"url": "https://www.suse.com/security/cve/CVE-2023-53286"
},
{
"category": "external",
"summary": "SUSE Bug 1250325 for CVE-2023-53286",
"url": "https://bugzilla.suse.com/1250325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53286"
},
{
"cve": "CVE-2023-53287",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53287"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: Put the cdns set active part outside the spin lock\n\nThe device may be scheduled during the resume process,\nso this cannot appear in atomic operations. Since\npm_runtime_set_active will resume suppliers, put set\nactive outside the spin lock, which is only used to\nprotect the struct cdns data structure, otherwise the\nkernel will report the following warning:\n\n BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1163\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 651, name: sh\n preempt_count: 1, expected: 0\n RCU nest depth: 0, expected: 0\n CPU: 0 PID: 651 Comm: sh Tainted: G WC 6.1.20 #1\n Hardware name: Freescale i.MX8QM MEK (DT)\n Call trace:\n dump_backtrace.part.0+0xe0/0xf0\n show_stack+0x18/0x30\n dump_stack_lvl+0x64/0x80\n dump_stack+0x1c/0x38\n __might_resched+0x1fc/0x240\n __might_sleep+0x68/0xc0\n __pm_runtime_resume+0x9c/0xe0\n rpm_get_suppliers+0x68/0x1b0\n __pm_runtime_set_status+0x298/0x560\n cdns_resume+0xb0/0x1c0\n cdns3_controller_resume.isra.0+0x1e0/0x250\n cdns3_plat_resume+0x28/0x40",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53287",
"url": "https://www.suse.com/security/cve/CVE-2023-53287"
},
{
"category": "external",
"summary": "SUSE Bug 1250089 for CVE-2023-53287",
"url": "https://bugzilla.suse.com/1250089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53287"
},
{
"cve": "CVE-2023-53288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53288"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fix memory leak in drm_client_modeset_probe\n\nWhen a new mode is set to modeset-\u003emode, the previous mode should be freed.\nThis fixes the following kmemleak report:\n\ndrm_mode_duplicate+0x45/0x220 [drm]\ndrm_client_modeset_probe+0x944/0xf50 [drm]\n__drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper]\ndrm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper]\ndrm_client_register+0x169/0x240 [drm]\nast_pci_probe+0x142/0x190 [ast]\nlocal_pci_probe+0xdc/0x180\nwork_for_cpu_fn+0x4e/0xa0\nprocess_one_work+0x8b7/0x1540\nworker_thread+0x70a/0xed0\nkthread+0x29f/0x340\nret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53288",
"url": "https://www.suse.com/security/cve/CVE-2023-53288"
},
{
"category": "external",
"summary": "SUSE Bug 1250058 for CVE-2023-53288",
"url": "https://bugzilla.suse.com/1250058"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53288"
},
{
"cve": "CVE-2023-53291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53291"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/rcuscale: Stop kfree_scale_thread thread(s) after unloading rcuscale\n\nRunning the \u0027kfree_rcu_test\u0027 test case [1] results in a splat [2].\nThe root cause is the kfree_scale_thread thread(s) continue running\nafter unloading the rcuscale module. This commit fixes that isue by\ninvoking kfree_scale_cleanup() from rcu_scale_cleanup() when removing\nthe rcuscale module.\n\n[1] modprobe rcuscale kfree_rcu_test=1\n // After some time\n rmmod rcuscale\n rmmod torture\n\n[2] BUG: unable to handle page fault for address: ffffffffc0601a87\n #PF: supervisor instruction fetch in kernel mode\n #PF: error_code(0x0010) - not-present page\n PGD 11de4f067 P4D 11de4f067 PUD 11de51067 PMD 112f4d067 PTE 0\n Oops: 0010 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 1798 Comm: kfree_scale_thr Not tainted 6.3.0-rc1-rcu+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015\n RIP: 0010:0xffffffffc0601a87\n Code: Unable to access opcode bytes at 0xffffffffc0601a5d.\n RSP: 0018:ffffb25bc2e57e18 EFLAGS: 00010297\n RAX: 0000000000000000 RBX: ffffffffc061f0b6 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffffff962fd0de RDI: ffffffff962fd0de\n RBP: ffffb25bc2e57ea8 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000\n R13: 0000000000000000 R14: 000000000000000a R15: 00000000001c1dbe\n FS: 0000000000000000(0000) GS:ffff921fa2200000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffffc0601a5d CR3: 000000011de4c006 CR4: 0000000000370ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \u003cTASK\u003e\n ? kvfree_call_rcu+0xf0/0x3a0\n ? kthread+0xf3/0x120\n ? kthread_complete_and_exit+0x20/0x20\n ? ret_from_fork+0x1f/0x30\n \u003c/TASK\u003e\n Modules linked in: rfkill sunrpc ... [last unloaded: torture]\n CR2: ffffffffc0601a87\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53291",
"url": "https://www.suse.com/security/cve/CVE-2023-53291"
},
{
"category": "external",
"summary": "SUSE Bug 1249926 for CVE-2023-53291",
"url": "https://bugzilla.suse.com/1249926"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53291"
},
{
"cve": "CVE-2023-53292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix NULL dereference on q-\u003eelevator in blk_mq_elv_switch_none\n\nAfter grabbing q-\u003esysfs_lock, q-\u003eelevator may become NULL because of\nelevator switch.\n\nFix the NULL dereference on q-\u003eelevator by checking it with lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53292",
"url": "https://www.suse.com/security/cve/CVE-2023-53292"
},
{
"category": "external",
"summary": "SUSE Bug 1250163 for CVE-2023-53292",
"url": "https://bugzilla.suse.com/1250163"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53292"
},
{
"cve": "CVE-2023-53303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53303"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()\n\nInject fault When select CONFIG_VCAP_KUNIT_TEST, the below memory leak\noccurs. If kzalloc() for duprule succeeds, but the following\nkmemdup() fails, the duprule, ckf and caf memory will be leaked. So kfree\nthem in the error path.\n\nunreferenced object 0xffff122744c50600 (size 192):\n comm \"kunit_try_catch\", pid 346, jiffies 4294896122 (age 911.812s)\n hex dump (first 32 bytes):\n 10 27 00 00 04 00 00 00 1e 00 00 00 2c 01 00 00 .\u0027..........,...\n 00 00 00 00 00 00 00 00 18 06 c5 44 27 12 ff ff ...........D\u0027...\n backtrace:\n [\u003c00000000394b0db8\u003e] __kmem_cache_alloc_node+0x274/0x2f8\n [\u003c0000000001bedc67\u003e] kmalloc_trace+0x38/0x88\n [\u003c00000000b0612f98\u003e] vcap_dup_rule+0x50/0x460\n [\u003c000000005d2d3aca\u003e] vcap_add_rule+0x8cc/0x1038\n [\u003c00000000eef9d0f8\u003e] test_vcap_xn_rule_creator.constprop.0.isra.0+0x238/0x494\n [\u003c00000000cbda607b\u003e] vcap_api_rule_remove_in_front_test+0x1ac/0x698\n [\u003c00000000c8766299\u003e] kunit_try_run_case+0xe0/0x20c\n [\u003c00000000c4fe9186\u003e] kunit_generic_run_threadfn_adapter+0x50/0x94\n [\u003c00000000f6864acf\u003e] kthread+0x2e8/0x374\n [\u003c0000000022e639b3\u003e] ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53303",
"url": "https://www.suse.com/security/cve/CVE-2023-53303"
},
{
"category": "external",
"summary": "SUSE Bug 1249896 for CVE-2023-53303",
"url": "https://bugzilla.suse.com/1249896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53303"
},
{
"cve": "CVE-2023-53304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: fix overlap expiration walk\n\nThe lazy gc on insert that should remove timed-out entries fails to release\nthe other half of the interval, if any.\n\nCan be reproduced with tests/shell/testcases/sets/0044interval_overlap_0\nin nftables.git and kmemleak enabled kernel.\n\nSecond bug is the use of rbe_prev vs. prev pointer.\nIf rbe_prev() returns NULL after at least one iteration, rbe_prev points\nto element that is not an end interval, hence it should not be removed.\n\nLastly, check the genmask of the end interval if this is active in the\ncurrent generation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53304",
"url": "https://www.suse.com/security/cve/CVE-2023-53304"
},
{
"category": "external",
"summary": "SUSE Bug 1249923 for CVE-2023-53304",
"url": "https://bugzilla.suse.com/1249923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53304"
},
{
"cve": "CVE-2023-53305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53305"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free\n\nFix potential use-after-free in l2cap_le_command_rej.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53305",
"url": "https://www.suse.com/security/cve/CVE-2023-53305"
},
{
"category": "external",
"summary": "SUSE Bug 1250049 for CVE-2023-53305",
"url": "https://bugzilla.suse.com/1250049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53305"
},
{
"cve": "CVE-2023-53309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53309"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: Fix integer overflow in radeon_cs_parser_init\n\nThe type of size is unsigned, if size is 0x40000000, there will be an\ninteger overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53309",
"url": "https://www.suse.com/security/cve/CVE-2023-53309"
},
{
"category": "external",
"summary": "SUSE Bug 1250055 for CVE-2023-53309",
"url": "https://bugzilla.suse.com/1250055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53309"
},
{
"cve": "CVE-2023-53311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53311"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput\n\nDuring unmount process of nilfs2, nothing holds nilfs_root structure after\nnilfs2 detaches its writer in nilfs_detach_log_writer(). Previously,\nnilfs_evict_inode() could cause use-after-free read for nilfs_root if\ninodes are left in \"garbage_list\" and released by nilfs_dispose_list at\nthe end of nilfs_detach_log_writer(), and this bug was fixed by commit\n9b5a04ac3ad9 (\"nilfs2: fix use-after-free bug of nilfs_root in\nnilfs_evict_inode()\").\n\nHowever, it turned out that there is another possibility of UAF in the\ncall path where mark_inode_dirty_sync() is called from iput():\n\nnilfs_detach_log_writer()\n nilfs_dispose_list()\n iput()\n mark_inode_dirty_sync()\n __mark_inode_dirty()\n nilfs_dirty_inode()\n __nilfs_mark_inode_dirty()\n nilfs_load_inode_block() --\u003e causes UAF of nilfs_root struct\n\nThis can happen after commit 0ae45f63d4ef (\"vfs: add support for a\nlazytime mount option\"), which changed iput() to call\nmark_inode_dirty_sync() on its final reference if i_state has I_DIRTY_TIME\nflag and i_nlink is non-zero.\n\nThis issue appears after commit 28a65b49eb53 (\"nilfs2: do not write dirty\ndata after degenerating to read-only\") when using the syzbot reproducer,\nbut the issue has potentially existed before.\n\nFix this issue by adding a \"purging flag\" to the nilfs structure, setting\nthat flag while disposing the \"garbage_list\" and checking it in\n__nilfs_mark_inode_dirty().\n\nUnlike commit 9b5a04ac3ad9 (\"nilfs2: fix use-after-free bug of nilfs_root\nin nilfs_evict_inode()\"), this patch does not rely on ns_writer to\ndetermine whether to skip operations, so as not to break recovery on\nmount. The nilfs_salvage_orphan_logs routine dirties the buffer of\nsalvaged data before attaching the log writer, so changing\n__nilfs_mark_inode_dirty() to skip the operation when ns_writer is NULL\nwill cause recovery write to fail. The purpose of using the cleanup-only\nflag is to allow for narrowing of such conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53311",
"url": "https://www.suse.com/security/cve/CVE-2023-53311"
},
{
"category": "external",
"summary": "SUSE Bug 1250062 for CVE-2023-53311",
"url": "https://bugzilla.suse.com/1250062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53311"
},
{
"cve": "CVE-2023-53312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53312"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix net_dev_start_xmit trace event vs skb_transport_offset()\n\nAfter blamed commit, we must be more careful about using\nskb_transport_offset(), as reminded us by syzbot:\n\nWARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 skb_transport_offset include/linux/skbuff.h:2977 [inline]\nWARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868 perf_trace_net_dev_start_xmit+0x89a/0xce0 include/trace/events/net.h:14\nModules linked in:\nCPU: 0 PID: 10 Comm: kworker/u4:1 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet\nRIP: 0010:skb_transport_header include/linux/skbuff.h:2868 [inline]\nRIP: 0010:skb_transport_offset include/linux/skbuff.h:2977 [inline]\nRIP: 0010:perf_trace_net_dev_start_xmit+0x89a/0xce0 include/trace/events/net.h:14\nCode: 8b 04 25 28 00 00 00 48 3b 84 24 c0 00 00 00 0f 85 4e 04 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc e8 56 22 01 fd \u003c0f\u003e 0b e9 f6 fc ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 86 f9 ff\nRSP: 0018:ffffc900002bf700 EFLAGS: 00010293\nRAX: ffffffff8485d8ca RBX: 000000000000ffff RCX: ffff888100914280\nRDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff\nRBP: ffffc900002bf818 R08: ffffffff8485d5b6 R09: fffffbfff0f8fb5e\nR10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff110217d8f67\nR13: ffff88810bec7b3a R14: dffffc0000000000 R15: dffffc0000000000\nFS: 0000000000000000(0000) GS:ffff8881f6a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f96cf6d52f0 CR3: 000000012224c000 CR4: 0000000000350ef0\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff84715e35\u003e] trace_net_dev_start_xmit include/trace/events/net.h:14 [inline]\n[\u003cffffffff84715e35\u003e] xmit_one net/core/dev.c:3643 [inline]\n[\u003cffffffff84715e35\u003e] dev_hard_start_xmit+0x705/0x980 net/core/dev.c:3660\n[\u003cffffffff8471a232\u003e] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324\n[\u003cffffffff85416493\u003e] dev_queue_xmit include/linux/netdevice.h:3030 [inline]\n[\u003cffffffff85416493\u003e] batadv_send_skb_packet+0x3f3/0x680 net/batman-adv/send.c:108\n[\u003cffffffff85416744\u003e] batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127\n[\u003cffffffff853bc52a\u003e] batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline]\n[\u003cffffffff853bc52a\u003e] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:421 [inline]\n[\u003cffffffff853bc52a\u003e] batadv_iv_send_outstanding_bat_ogm_packet+0x69a/0x840 net/batman-adv/bat_iv_ogm.c:1701\n[\u003cffffffff8151023c\u003e] process_one_work+0x8ac/0x1170 kernel/workqueue.c:2289\n[\u003cffffffff81511938\u003e] worker_thread+0xaa8/0x12d0 kernel/workqueue.c:2436",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53312",
"url": "https://www.suse.com/security/cve/CVE-2023-53312"
},
{
"category": "external",
"summary": "SUSE Bug 1250063 for CVE-2023-53312",
"url": "https://bugzilla.suse.com/1250063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53312"
},
{
"cve": "CVE-2023-53313",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53313"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix wrong setting of max_corr_read_errors\n\nThere is no input check when echo md/max_read_errors and overflow might\noccur. Add check of input number.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53313",
"url": "https://www.suse.com/security/cve/CVE-2023-53313"
},
{
"category": "external",
"summary": "SUSE Bug 1249911 for CVE-2023-53313",
"url": "https://bugzilla.suse.com/1249911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53313"
},
{
"cve": "CVE-2023-53314",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53314"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev/ep93xx-fb: Do not assign to struct fb_info.dev\n\nDo not assing the Linux device to struct fb_info.dev. The call to\nregister_framebuffer() initializes the field to the fbdev device.\nDrivers should not override its value.\n\nFixes a bug where the driver incorrectly decreases the hardware\ndevice\u0027s reference counter and leaks the fbdev device.\n\nv2:\n\t* add Fixes tag (Dan)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53314",
"url": "https://www.suse.com/security/cve/CVE-2023-53314"
},
{
"category": "external",
"summary": "SUSE Bug 1250065 for CVE-2023-53314",
"url": "https://bugzilla.suse.com/1250065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53314"
},
{
"cve": "CVE-2023-53316",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53316"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: Free resources after unregistering them\n\nThe DP component\u0027s unbind operation walks through the submodules to\nunregister and clean things up. But if the unbind happens because the DP\ncontroller itself is being removed, all the memory for those submodules\nhas just been freed.\n\nChange the order of these operations to avoid the many use-after-free\nthat otherwise happens in this code path.\n\nPatchwork: https://patchwork.freedesktop.org/patch/542166/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53316",
"url": "https://www.suse.com/security/cve/CVE-2023-53316"
},
{
"category": "external",
"summary": "SUSE Bug 1250066 for CVE-2023-53316",
"url": "https://bugzilla.suse.com/1250066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53316"
},
{
"cve": "CVE-2023-53319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Handle kvm_arm_init failure correctly in finalize_pkvm\n\nCurrently there is no synchronisation between finalize_pkvm() and\nkvm_arm_init() initcalls. The finalize_pkvm() proceeds happily even if\nkvm_arm_init() fails resulting in the following warning on all the CPUs\nand eventually a HYP panic:\n\n | kvm [1]: IPA Size Limit: 48 bits\n | kvm [1]: Failed to init hyp memory protection\n | kvm [1]: error initializing Hyp mode: -22\n |\n | \u003csnip\u003e\n |\n | WARNING: CPU: 0 PID: 0 at arch/arm64/kvm/pkvm.c:226 _kvm_host_prot_finalize+0x30/0x50\n | Modules linked in:\n | CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0 #237\n | Hardware name: FVP Base RevC (DT)\n | pstate: 634020c5 (nZCv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\n | pc : _kvm_host_prot_finalize+0x30/0x50\n | lr : __flush_smp_call_function_queue+0xd8/0x230\n |\n | Call trace:\n | _kvm_host_prot_finalize+0x3c/0x50\n | on_each_cpu_cond_mask+0x3c/0x6c\n | pkvm_drop_host_privileges+0x4c/0x78\n | finalize_pkvm+0x3c/0x5c\n | do_one_initcall+0xcc/0x240\n | do_initcall_level+0x8c/0xac\n | do_initcalls+0x54/0x94\n | do_basic_setup+0x1c/0x28\n | kernel_init_freeable+0x100/0x16c\n | kernel_init+0x20/0x1a0\n | ret_from_fork+0x10/0x20\n | Failed to finalize Hyp protection: -22\n | dtb=fvp-base-revc.dtb\n | kvm [95]: nVHE hyp BUG at: arch/arm64/kvm/hyp/nvhe/mem_protect.c:540!\n | kvm [95]: nVHE call trace:\n | kvm [95]: [\u003cffff800081052984\u003e] __kvm_nvhe_hyp_panic+0xac/0xf8\n | kvm [95]: [\u003cffff800081059644\u003e] __kvm_nvhe_handle_host_mem_abort+0x1a0/0x2ac\n | kvm [95]: [\u003cffff80008105511c\u003e] __kvm_nvhe_handle_trap+0x4c/0x160\n | kvm [95]: [\u003cffff8000810540fc\u003e] __kvm_nvhe___skip_pauth_save+0x4/0x4\n | kvm [95]: ---[ end nVHE call trace ]---\n | kvm [95]: Hyp Offset: 0xfffe8db00ffa0000\n | Kernel panic - not syncing: HYP panic:\n | PS:a34023c9 PC:0000f250710b973c ESR:00000000f2000800\n | FAR:ffff000800cb00d0 HPFAR:000000000880cb00 PAR:0000000000000000\n | VCPU:0000000000000000\n | CPU: 3 PID: 95 Comm: kworker/u16:2 Tainted: G W 6.4.0 #237\n | Hardware name: FVP Base RevC (DT)\n | Workqueue: rpciod rpc_async_schedule\n | Call trace:\n | dump_backtrace+0xec/0x108\n | show_stack+0x18/0x2c\n | dump_stack_lvl+0x50/0x68\n | dump_stack+0x18/0x24\n | panic+0x138/0x33c\n | nvhe_hyp_panic_handler+0x100/0x184\n | new_slab+0x23c/0x54c\n | ___slab_alloc+0x3e4/0x770\n | kmem_cache_alloc_node+0x1f0/0x278\n | __alloc_skb+0xdc/0x294\n | tcp_stream_alloc_skb+0x2c/0xf0\n | tcp_sendmsg_locked+0x3d0/0xda4\n | tcp_sendmsg+0x38/0x5c\n | inet_sendmsg+0x44/0x60\n | sock_sendmsg+0x1c/0x34\n | xprt_sock_sendmsg+0xdc/0x274\n | xs_tcp_send_request+0x1ac/0x28c\n | xprt_transmit+0xcc/0x300\n | call_transmit+0x78/0x90\n | __rpc_execute+0x114/0x3d8\n | rpc_async_schedule+0x28/0x48\n | process_one_work+0x1d8/0x314\n | worker_thread+0x248/0x474\n | kthread+0xfc/0x184\n | ret_from_fork+0x10/0x20\n | SMP: stopping secondary CPUs\n | Kernel Offset: 0x57c5cb460000 from 0xffff800080000000\n | PHYS_OFFSET: 0x80000000\n | CPU features: 0x00000000,1035b7a3,ccfe773f\n | Memory Limit: none\n | ---[ end Kernel panic - not syncing: HYP panic:\n | PS:a34023c9 PC:0000f250710b973c ESR:00000000f2000800\n | FAR:ffff000800cb00d0 HPFAR:000000000880cb00 PAR:0000000000000000\n | VCPU:0000000000000000 ]---\n\nFix it by checking for the successfull initialisation of kvm_arm_init()\nin finalize_pkvm() before proceeding any futher.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53319",
"url": "https://www.suse.com/security/cve/CVE-2023-53319"
},
{
"category": "external",
"summary": "SUSE Bug 1250067 for CVE-2023-53319",
"url": "https://bugzilla.suse.com/1250067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53319"
},
{
"cve": "CVE-2023-53321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53321"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211_hwsim: drop short frames\n\nWhile technically some control frames like ACK are shorter and\nend after Address 1, such frames shouldn\u0027t be forwarded through\nwmediumd or similar userspace, so require the full 3-address\nheader to avoid accessing invalid memory if shorter frames are\npassed in.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53321",
"url": "https://www.suse.com/security/cve/CVE-2023-53321"
},
{
"category": "external",
"summary": "SUSE Bug 1250313 for CVE-2023-53321",
"url": "https://bugzilla.suse.com/1250313"
},
{
"category": "external",
"summary": "SUSE Bug 1250314 for CVE-2023-53321",
"url": "https://bugzilla.suse.com/1250314"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53321"
},
{
"cve": "CVE-2023-53322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53322"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Wait for io return on terminate rport\n\nSystem crash due to use after free.\nCurrent code allows terminate_rport_io to exit before making\nsure all IOs has returned. For FCP-2 device, IO\u0027s can hang\non in HW because driver has not tear down the session in FW at\nfirst sign of cable pull. When dev_loss_tmo timer pops,\nterminate_rport_io is called and upper layer is about to\nfree various resources. Terminate_rport_io trigger qla to do\nthe final cleanup, but the cleanup might not be fast enough where it\nleave qla still holding on to the same resource.\n\nWait for IO\u0027s to return to upper layer before resources are freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53322",
"url": "https://www.suse.com/security/cve/CVE-2023-53322"
},
{
"category": "external",
"summary": "SUSE Bug 1250323 for CVE-2023-53322",
"url": "https://bugzilla.suse.com/1250323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53322"
},
{
"cve": "CVE-2023-53323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next2/dax: Fix ext2_setsize when len is page aligned\n\nPAGE_ALIGN(x) macro gives the next highest value which is multiple of\npagesize. But if x is already page aligned then it simply returns x.\nSo, if x passed is 0 in dax_zero_range() function, that means the\nlength gets passed as 0 to -\u003eiomap_begin().\n\nIn ext2 it then calls ext2_get_blocks -\u003e max_blocks as 0 and hits bug_on\nhere in ext2_get_blocks().\n\tBUG_ON(maxblocks == 0);\n\nInstead we should be calling dax_truncate_page() here which takes\ncare of it. i.e. it only calls dax_zero_range if the offset is not\npage/block aligned.\n\nThis can be easily triggered with following on fsdax mounted pmem\ndevice.\n\ndd if=/dev/zero of=file count=1 bs=512\ntruncate -s 0 file\n\n[79.525838] EXT2-fs (pmem0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk\n[79.529376] ext2 filesystem being mounted at /mnt1/test supports timestamps until 2038 (0x7fffffff)\n[93.793207] ------------[ cut here ]------------\n[93.795102] kernel BUG at fs/ext2/inode.c:637!\n[93.796904] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[93.798659] CPU: 0 PID: 1192 Comm: truncate Not tainted 6.3.0-rc2-xfstests-00056-g131086faa369 #139\n[93.806459] RIP: 0010:ext2_get_blocks.constprop.0+0x524/0x610\n\u003c...\u003e\n[93.835298] Call Trace:\n[93.836253] \u003cTASK\u003e\n[93.837103] ? lock_acquire+0xf8/0x110\n[93.838479] ? d_lookup+0x69/0xd0\n[93.839779] ext2_iomap_begin+0xa7/0x1c0\n[93.841154] iomap_iter+0xc7/0x150\n[93.842425] dax_zero_range+0x6e/0xa0\n[93.843813] ext2_setsize+0x176/0x1b0\n[93.845164] ext2_setattr+0x151/0x200\n[93.846467] notify_change+0x341/0x4e0\n[93.847805] ? lock_acquire+0xf8/0x110\n[93.849143] ? do_truncate+0x74/0xe0\n[93.850452] ? do_truncate+0x84/0xe0\n[93.851739] do_truncate+0x84/0xe0\n[93.852974] do_sys_ftruncate+0x2b4/0x2f0\n[93.854404] do_syscall_64+0x3f/0x90\n[93.855789] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53323",
"url": "https://www.suse.com/security/cve/CVE-2023-53323"
},
{
"category": "external",
"summary": "SUSE Bug 1250069 for CVE-2023-53323",
"url": "https://bugzilla.suse.com/1250069"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53323"
},
{
"cve": "CVE-2023-53324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53324"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/mdp5: Don\u0027t leak some plane state\n\nApparently no one noticed that mdp5 plane states leak like a sieve\never since we introduced plane_state-\u003ecommit refcount a few years ago\nin 21a01abbe32a (\"drm/atomic: Fix freeing connector/plane state too\nearly by tracking commits, v3.\")\n\nFix it by using the right helpers.\n\nPatchwork: https://patchwork.freedesktop.org/patch/551236/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53324",
"url": "https://www.suse.com/security/cve/CVE-2023-53324"
},
{
"category": "external",
"summary": "SUSE Bug 1250070 for CVE-2023-53324",
"url": "https://bugzilla.suse.com/1250070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53324"
},
{
"cve": "CVE-2023-53325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53325"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer()\n\nChange logging from drm_{err,info}() to dev_{err,info}() in functions\nmtk_dp_aux_transfer() and mtk_dp_aux_do_transfer(): this will be\nessential to avoid getting NULL pointer kernel panics if any kind\nof error happens during AUX transfers happening before the bridge\nis attached.\n\nThis may potentially start happening in a later commit implementing\naux-bus support, as AUX transfers will be triggered from the panel\ndriver (for EDID) before the mtk-dp bridge gets attached, and it\u0027s\ndone in preparation for the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53325",
"url": "https://www.suse.com/security/cve/CVE-2023-53325"
},
{
"category": "external",
"summary": "SUSE Bug 1250035 for CVE-2023-53325",
"url": "https://bugzilla.suse.com/1250035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53325"
},
{
"cve": "CVE-2023-53328",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53328"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Enhance sanity check while generating attr_list\n\nni_create_attr_list uses WARN_ON to catch error cases while generating\nattribute list, which only prints out stack trace and may not be enough.\nThis repalces them with more proper error handling flow.\n\n[ 59.666332] BUG: kernel NULL pointer dereference, address: 000000000000000e\n[ 59.673268] #PF: supervisor read access in kernel mode\n[ 59.678354] #PF: error_code(0x0000) - not-present page\n[ 59.682831] PGD 8000000005ff1067 P4D 8000000005ff1067 PUD 7dee067 PMD 0\n[ 59.688556] Oops: 0000 [#1] PREEMPT SMP KASAN PTI\n[ 59.692642] CPU: 0 PID: 198 Comm: poc Tainted: G B W 6.2.0-rc1+ #4\n[ 59.698868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n[ 59.708795] RIP: 0010:ni_create_attr_list+0x505/0x860\n[ 59.713657] Code: 7e 10 e8 5e d0 d0 ff 45 0f b7 76 10 48 8d 7b 16 e8 00 d1 d0 ff 66 44 89 73 16 4d 8d 75 0e 4c 89 f7 e8 3f d0 d0 ff 4c 8d8\n[ 59.731559] RSP: 0018:ffff88800a56f1e0 EFLAGS: 00010282\n[ 59.735691] RAX: 0000000000000001 RBX: ffff88800b7b5088 RCX: ffffffffb83079fe\n[ 59.741792] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffffbb7f9fc0\n[ 59.748423] RBP: ffff88800a56f3a8 R08: ffff88800b7b50a0 R09: fffffbfff76ff3f9\n[ 59.754654] R10: ffffffffbb7f9fc7 R11: fffffbfff76ff3f8 R12: ffff88800b756180\n[ 59.761552] R13: 0000000000000000 R14: 000000000000000e R15: 0000000000000050\n[ 59.768323] FS: 00007feaa8c96440(0000) GS:ffff88806d400000(0000) knlGS:0000000000000000\n[ 59.776027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 59.781395] CR2: 00007f3a2e0b1000 CR3: 000000000a5bc000 CR4: 00000000000006f0\n[ 59.787607] Call Trace:\n[ 59.790271] \u003cTASK\u003e\n[ 59.792488] ? __pfx_ni_create_attr_list+0x10/0x10\n[ 59.797235] ? kernel_text_address+0xd3/0xe0\n[ 59.800856] ? unwind_get_return_address+0x3e/0x60\n[ 59.805101] ? __kasan_check_write+0x18/0x20\n[ 59.809296] ? preempt_count_sub+0x1c/0xd0\n[ 59.813421] ni_ins_attr_ext+0x52c/0x5c0\n[ 59.817034] ? __pfx_ni_ins_attr_ext+0x10/0x10\n[ 59.821926] ? __vfs_setxattr+0x121/0x170\n[ 59.825718] ? __vfs_setxattr_noperm+0x97/0x300\n[ 59.829562] ? __vfs_setxattr_locked+0x145/0x170\n[ 59.833987] ? vfs_setxattr+0x137/0x2a0\n[ 59.836732] ? do_setxattr+0xce/0x150\n[ 59.839807] ? setxattr+0x126/0x140\n[ 59.842353] ? path_setxattr+0x164/0x180\n[ 59.845275] ? __x64_sys_setxattr+0x71/0x90\n[ 59.848838] ? do_syscall_64+0x3f/0x90\n[ 59.851898] ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n[ 59.857046] ? stack_depot_save+0x17/0x20\n[ 59.860299] ni_insert_attr+0x1ba/0x420\n[ 59.863104] ? __pfx_ni_insert_attr+0x10/0x10\n[ 59.867069] ? preempt_count_sub+0x1c/0xd0\n[ 59.869897] ? _raw_spin_unlock_irqrestore+0x2b/0x50\n[ 59.874088] ? __create_object+0x3ae/0x5d0\n[ 59.877865] ni_insert_resident+0xc4/0x1c0\n[ 59.881430] ? __pfx_ni_insert_resident+0x10/0x10\n[ 59.886355] ? kasan_save_alloc_info+0x1f/0x30\n[ 59.891117] ? __kasan_kmalloc+0x8b/0xa0\n[ 59.894383] ntfs_set_ea+0x90d/0xbf0\n[ 59.897703] ? __pfx_ntfs_set_ea+0x10/0x10\n[ 59.901011] ? kernel_text_address+0xd3/0xe0\n[ 59.905308] ? __kernel_text_address+0x16/0x50\n[ 59.909811] ? unwind_get_return_address+0x3e/0x60\n[ 59.914898] ? __pfx_stack_trace_consume_entry+0x10/0x10\n[ 59.920250] ? arch_stack_walk+0xa2/0x100\n[ 59.924560] ? filter_irq_stacks+0x27/0x80\n[ 59.928722] ntfs_setxattr+0x405/0x440\n[ 59.932512] ? __pfx_ntfs_setxattr+0x10/0x10\n[ 59.936634] ? kvmalloc_node+0x2d/0x120\n[ 59.940378] ? kasan_save_stack+0x41/0x60\n[ 59.943870] ? kasan_save_stack+0x2a/0x60\n[ 59.947719] ? kasan_set_track+0x29/0x40\n[ 59.951417] ? kasan_save_alloc_info+0x1f/0x30\n[ 59.955733] ? __kasan_kmalloc+0x8b/0xa0\n[ 59.959598] ? __kmalloc_node+0x68/0x150\n[ 59.963163] ? kvmalloc_node+0x2d/0x120\n[ 59.966490] ? vmemdup_user+0x2b/0xa0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53328",
"url": "https://www.suse.com/security/cve/CVE-2023-53328"
},
{
"category": "external",
"summary": "SUSE Bug 1249952 for CVE-2023-53328",
"url": "https://bugzilla.suse.com/1249952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53328"
},
{
"cve": "CVE-2023-53331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53331"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: Check start of empty przs during init\n\nAfter commit 30696378f68a (\"pstore/ram: Do not treat empty buffers as\nvalid\"), initialization would assume a prz was valid after seeing that\nthe buffer_size is zero (regardless of the buffer start position). This\nunchecked start value means it could be outside the bounds of the buffer,\nleading to future access panics when written to:\n\n sysdump_panic_event+0x3b4/0x5b8\n atomic_notifier_call_chain+0x54/0x90\n panic+0x1c8/0x42c\n die+0x29c/0x2a8\n die_kernel_fault+0x68/0x78\n __do_kernel_fault+0x1c4/0x1e0\n do_bad_area+0x40/0x100\n do_translation_fault+0x68/0x80\n do_mem_abort+0x68/0xf8\n el1_da+0x1c/0xc0\n __raw_writeb+0x38/0x174\n __memcpy_toio+0x40/0xac\n persistent_ram_update+0x44/0x12c\n persistent_ram_write+0x1a8/0x1b8\n ramoops_pstore_write+0x198/0x1e8\n pstore_console_write+0x94/0xe0\n ...\n\nTo avoid this, also check if the prz start is 0 during the initialization\nphase. If not, the next prz sanity check case will discover it (start \u003e\nsize) and zap the buffer back to a sane state.\n\n[kees: update commit log with backtrace and clarifications]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53331",
"url": "https://www.suse.com/security/cve/CVE-2023-53331"
},
{
"category": "external",
"summary": "SUSE Bug 1249950 for CVE-2023-53331",
"url": "https://bugzilla.suse.com/1249950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53331"
},
{
"cve": "CVE-2023-53333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one\n\nEric Dumazet says:\n nf_conntrack_dccp_packet() has an unique:\n\n dh = skb_header_pointer(skb, dataoff, sizeof(_dh), \u0026_dh);\n\n And nothing more is \u0027pulled\u0027 from the packet, depending on the content.\n dh-\u003edccph_doff, and/or dh-\u003edccph_x ...)\n So dccp_ack_seq() is happily reading stuff past the _dh buffer.\n\nBUG: KASAN: stack-out-of-bounds in nf_conntrack_dccp_packet+0x1134/0x11c0\nRead of size 4 at addr ffff000128f66e0c by task syz-executor.2/29371\n[..]\n\nFix this by increasing the stack buffer to also include room for\nthe extra sequence numbers and all the known dccp packet type headers,\nthen pull again after the initial validation of the basic header.\n\nWhile at it, mark packets invalid that lack 48bit sequence bit but\nwhere RFC says the type MUST use them.\n\nCompile tested only.\n\nv2: first skb_header_pointer() now needs to adjust the size to\n only pull the generic header. (Eric)\n\nHeads-up: I intend to remove dccp conntrack support later this year.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53333",
"url": "https://www.suse.com/security/cve/CVE-2023-53333"
},
{
"category": "external",
"summary": "SUSE Bug 1249949 for CVE-2023-53333",
"url": "https://bugzilla.suse.com/1249949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53333"
},
{
"cve": "CVE-2023-53336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ipu-bridge: Fix null pointer deref on SSDB/PLD parsing warnings\n\nWhen ipu_bridge_parse_rotation() and ipu_bridge_parse_orientation() run\nsensor-\u003eadev is not set yet.\n\nSo if either of the dev_warn() calls about unknown values are hit this\nwill lead to a NULL pointer deref.\n\nSet sensor-\u003eadev earlier, with a borrowed ref to avoid making unrolling\non errors harder, to fix this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53336",
"url": "https://www.suse.com/security/cve/CVE-2023-53336"
},
{
"category": "external",
"summary": "SUSE Bug 1250073 for CVE-2023-53336",
"url": "https://bugzilla.suse.com/1250073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53336"
},
{
"cve": "CVE-2023-53338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53338"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlwt: Fix return values of BPF xmit ops\n\nBPF encap ops can return different types of positive values, such like\nNET_RX_DROP, NET_XMIT_CN, NETDEV_TX_BUSY, and so on, from function\nskb_do_redirect and bpf_lwt_xmit_reroute. At the xmit hook, such return\nvalues would be treated implicitly as LWTUNNEL_XMIT_CONTINUE in\nip(6)_finish_output2. When this happens, skbs that have been freed would\ncontinue to the neighbor subsystem, causing use-after-free bug and\nkernel crashes.\n\nTo fix the incorrect behavior, skb_do_redirect return values can be\nsimply discarded, the same as tc-egress behavior. On the other hand,\nbpf_lwt_xmit_reroute returns useful errors to local senders, e.g. PMTU\ninformation. Thus convert its return values to avoid the conflict with\nLWTUNNEL_XMIT_CONTINUE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53338",
"url": "https://www.suse.com/security/cve/CVE-2023-53338"
},
{
"category": "external",
"summary": "SUSE Bug 1250074 for CVE-2023-53338",
"url": "https://bugzilla.suse.com/1250074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53338"
},
{
"cve": "CVE-2023-53339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53339"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix BUG_ON condition in btrfs_cancel_balance\n\nPausing and canceling balance can race to interrupt balance lead to BUG_ON\npanic in btrfs_cancel_balance. The BUG_ON condition in btrfs_cancel_balance\ndoes not take this race scenario into account.\n\nHowever, the race condition has no other side effects. We can fix that.\n\nReproducing it with panic trace like this:\n\n kernel BUG at fs/btrfs/volumes.c:4618!\n RIP: 0010:btrfs_cancel_balance+0x5cf/0x6a0\n Call Trace:\n \u003cTASK\u003e\n ? do_nanosleep+0x60/0x120\n ? hrtimer_nanosleep+0xb7/0x1a0\n ? sched_core_clone_cookie+0x70/0x70\n btrfs_ioctl_balance_ctl+0x55/0x70\n btrfs_ioctl+0xa46/0xd20\n __x64_sys_ioctl+0x7d/0xa0\n do_syscall_64+0x38/0x80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n Race scenario as follows:\n \u003e mutex_unlock(\u0026fs_info-\u003ebalance_mutex);\n \u003e --------------------\n \u003e .......issue pause and cancel req in another thread\n \u003e --------------------\n \u003e ret = __btrfs_balance(fs_info);\n \u003e\n \u003e mutex_lock(\u0026fs_info-\u003ebalance_mutex);\n \u003e if (ret == -ECANCELED \u0026\u0026 atomic_read(\u0026fs_info-\u003ebalance_pause_req)) {\n \u003e btrfs_info(fs_info, \"balance: paused\");\n \u003e btrfs_exclop_balance(fs_info, BTRFS_EXCLOP_BALANCE_PAUSED);\n \u003e }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53339",
"url": "https://www.suse.com/security/cve/CVE-2023-53339"
},
{
"category": "external",
"summary": "SUSE Bug 1250329 for CVE-2023-53339",
"url": "https://bugzilla.suse.com/1250329"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53339"
},
{
"cve": "CVE-2023-53342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53342"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix handling IPv4 routes with nhid\n\nFix handling IPv4 routes referencing a nexthop via its id by replacing\ncalls to fib_info_nh() with fib_info_nhc().\n\nTrying to add an IPv4 route referencing a nextop via nhid:\n\n $ ip link set up swp5\n $ ip a a 10.0.0.1/24 dev swp5\n $ ip nexthop add dev swp5 id 20 via 10.0.0.2\n $ ip route add 10.0.1.0/24 nhid 20\n\ntriggers warnings when trying to handle the route:\n\n[ 528.805763] ------------[ cut here ]------------\n[ 528.810437] WARNING: CPU: 3 PID: 53 at include/net/nexthop.h:468 __prestera_fi_is_direct+0x2c/0x68 [prestera]\n[ 528.820434] Modules linked in: prestera_pci act_gact act_police sch_ingress cls_u32 cls_flower prestera arm64_delta_tn48m_dn_led(O) arm64_delta_tn48m_dn_cpld(O) [last unloaded: prestera_pci]\n[ 528.837485] CPU: 3 PID: 53 Comm: kworker/u8:3 Tainted: G O 6.4.5 #1\n[ 528.845178] Hardware name: delta,tn48m-dn (DT)\n[ 528.849641] Workqueue: prestera_ordered __prestera_router_fib_event_work [prestera]\n[ 528.857352] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 528.864347] pc : __prestera_fi_is_direct+0x2c/0x68 [prestera]\n[ 528.870135] lr : prestera_k_arb_fib_evt+0xb20/0xd50 [prestera]\n[ 528.876007] sp : ffff80000b20bc90\n[ 528.879336] x29: ffff80000b20bc90 x28: 0000000000000000 x27: ffff0001374d3a48\n[ 528.886510] x26: ffff000105604000 x25: ffff000134af8a28 x24: ffff0001374d3800\n[ 528.893683] x23: ffff000101c89148 x22: ffff000101c89000 x21: ffff000101c89200\n[ 528.900855] x20: ffff00013641fda0 x19: ffff800009d01088 x18: 0000000000000059\n[ 528.908027] x17: 0000000000000277 x16: 0000000000000000 x15: 0000000000000000\n[ 528.915198] x14: 0000000000000003 x13: 00000000000fe400 x12: 0000000000000000\n[ 528.922371] x11: 0000000000000002 x10: 0000000000000aa0 x9 : ffff8000013d2020\n[ 528.929543] x8 : 0000000000000018 x7 : 000000007b1703f8 x6 : 000000001ca72f86\n[ 528.936715] x5 : 0000000033399ea7 x4 : 0000000000000000 x3 : ffff0001374d3acc\n[ 528.943886] x2 : 0000000000000000 x1 : ffff00010200de00 x0 : ffff000134ae3f80\n[ 528.951058] Call trace:\n[ 528.953516] __prestera_fi_is_direct+0x2c/0x68 [prestera]\n[ 528.958952] __prestera_router_fib_event_work+0x100/0x158 [prestera]\n[ 528.965348] process_one_work+0x208/0x488\n[ 528.969387] worker_thread+0x4c/0x430\n[ 528.973068] kthread+0x120/0x138\n[ 528.976313] ret_from_fork+0x10/0x20\n[ 528.979909] ---[ end trace 0000000000000000 ]---\n[ 528.984998] ------------[ cut here ]------------\n[ 528.989645] WARNING: CPU: 3 PID: 53 at include/net/nexthop.h:468 __prestera_fi_is_direct+0x2c/0x68 [prestera]\n[ 528.999628] Modules linked in: prestera_pci act_gact act_police sch_ingress cls_u32 cls_flower prestera arm64_delta_tn48m_dn_led(O) arm64_delta_tn48m_dn_cpld(O) [last unloaded: prestera_pci]\n[ 529.016676] CPU: 3 PID: 53 Comm: kworker/u8:3 Tainted: G W O 6.4.5 #1\n[ 529.024368] Hardware name: delta,tn48m-dn (DT)\n[ 529.028830] Workqueue: prestera_ordered __prestera_router_fib_event_work [prestera]\n[ 529.036539] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 529.043533] pc : __prestera_fi_is_direct+0x2c/0x68 [prestera]\n[ 529.049318] lr : __prestera_k_arb_fc_apply+0x280/0x2f8 [prestera]\n[ 529.055452] sp : ffff80000b20bc60\n[ 529.058781] x29: ffff80000b20bc60 x28: 0000000000000000 x27: ffff0001374d3a48\n[ 529.065953] x26: ffff000105604000 x25: ffff000134af8a28 x24: ffff0001374d3800\n[ 529.073126] x23: ffff000101c89148 x22: ffff000101c89148 x21: ffff00013641fda0\n[ 529.080299] x20: ffff000101c89000 x19: ffff000101c89020 x18: 0000000000000059\n[ 529.087471] x17: 0000000000000277 x16: 0000000000000000 x15: 0000000000000000\n[ 529.094642] x14: 0000000000000003 x13: 00000000000fe400 x12: 0000000000000000\n[ 529.101814] x11: 0000000000000002 x10: 0000000000000aa0 x9 : ffff8000013cee80\n[ 529.108985] x8 : 0000000000000018 x7 : 000000007b1703f8 x6 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53342",
"url": "https://www.suse.com/security/cve/CVE-2023-53342"
},
{
"category": "external",
"summary": "SUSE Bug 1250029 for CVE-2023-53342",
"url": "https://bugzilla.suse.com/1250029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53342"
},
{
"cve": "CVE-2023-53343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp6: Fix null-ptr-deref of ip6_null_entry-\u003ert6i_idev in icmp6_dev().\n\nWith some IPv6 Ext Hdr (RPL, SRv6, etc.), we can send a packet that\nhas the link-local address as src and dst IP and will be forwarded to\nan external IP in the IPv6 Ext Hdr.\n\nFor example, the script below generates a packet whose src IP is the\nlink-local address and dst is updated to 11::.\n\n # for f in $(find /proc/sys/net/ -name *seg6_enabled*); do echo 1 \u003e $f; done\n # python3\n \u003e\u003e\u003e from socket import *\n \u003e\u003e\u003e from scapy.all import *\n \u003e\u003e\u003e\n \u003e\u003e\u003e SRC_ADDR = DST_ADDR = \"fe80::5054:ff:fe12:3456\"\n \u003e\u003e\u003e\n \u003e\u003e\u003e pkt = IPv6(src=SRC_ADDR, dst=DST_ADDR)\n \u003e\u003e\u003e pkt /= IPv6ExtHdrSegmentRouting(type=4, addresses=[\"11::\", \"22::\"], segleft=1)\n \u003e\u003e\u003e\n \u003e\u003e\u003e sk = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW)\n \u003e\u003e\u003e sk.sendto(bytes(pkt), (DST_ADDR, 0))\n\nFor such a packet, we call ip6_route_input() to look up a route for the\nnext destination in these three functions depending on the header type.\n\n * ipv6_rthdr_rcv()\n * ipv6_rpl_srh_rcv()\n * ipv6_srh_rcv()\n\nIf no route is found, ip6_null_entry is set to skb, and the following\ndst_input(skb) calls ip6_pkt_drop().\n\nFinally, in icmp6_dev(), we dereference skb_rt6_info(skb)-\u003ert6i_idev-\u003edev\nas the input device is the loopback interface. Then, we have to check if\nskb_rt6_info(skb)-\u003ert6i_idev is NULL or not to avoid NULL pointer deref\nfor ip6_null_entry.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n PF: supervisor read access in kernel mode\n PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 0 PID: 157 Comm: python3 Not tainted 6.4.0-11996-gb121d614371c #35\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:icmp6_send (net/ipv6/icmp.c:436 net/ipv6/icmp.c:503)\nCode: fe ff ff 48 c7 40 30 c0 86 5d 83 e8 c6 44 1c 00 e9 c8 fc ff ff 49 8b 46 58 48 83 e0 fe 0f 84 4a fb ff ff 48 8b 80 d0 00 00 00 \u003c48\u003e 8b 00 44 8b 88 e0 00 00 00 e9 34 fb ff ff 4d 85 ed 0f 85 69 01\nRSP: 0018:ffffc90000003c70 EFLAGS: 00000286\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000000000e0\nRDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff888006d72a18\nRBP: ffffc90000003d80 R08: 0000000000000000 R09: 0000000000000001\nR10: ffffc90000003d98 R11: 0000000000000040 R12: ffff888006d72a10\nR13: 0000000000000000 R14: ffff8880057fb800 R15: ffffffff835d86c0\nFS: 00007f9dc72ee740(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 00000000057b2000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cIRQ\u003e\n ip6_pkt_drop (net/ipv6/route.c:4513)\n ipv6_rthdr_rcv (net/ipv6/exthdrs.c:640 net/ipv6/exthdrs.c:686)\n ip6_protocol_deliver_rcu (net/ipv6/ip6_input.c:437 (discriminator 5))\n ip6_input_finish (./include/linux/rcupdate.h:781 net/ipv6/ip6_input.c:483)\n __netif_receive_skb_one_core (net/core/dev.c:5455)\n process_backlog (./include/linux/rcupdate.h:781 net/core/dev.c:5895)\n __napi_poll (net/core/dev.c:6460)\n net_rx_action (net/core/dev.c:6529 net/core/dev.c:6660)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:554)\n do_softirq (kernel/softirq.c:454 kernel/softirq.c:441)\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip (kernel/softirq.c:381)\n __dev_queue_xmit (net/core/dev.c:4231)\n ip6_finish_output2 (./include/net/neighbour.h:544 net/ipv6/ip6_output.c:135)\n rawv6_sendmsg (./include/net/dst.h:458 ./include/linux/netfilter.h:303 net/ipv6/raw.c:656 net/ipv6/raw.c:914)\n sock_sendmsg (net/socket.c:725 net/socket.c:748)\n __sys_sendto (net/socket.c:2134)\n __x64_sys_sendto (net/socket.c:2146 net/socket.c:2142 net/socket.c:2142)\n do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)\nRIP: 0033:0x7f9dc751baea\nCode: d8 64 89 02 48 c7 c0 ff f\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53343",
"url": "https://www.suse.com/security/cve/CVE-2023-53343"
},
{
"category": "external",
"summary": "SUSE Bug 1250022 for CVE-2023-53343",
"url": "https://bugzilla.suse.com/1250022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53343"
},
{
"cve": "CVE-2023-53350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix slicing memory leak\n\nThe temporary buffer storing slicing configuration data from user is only\nfreed on error. This is a memory leak. Free the buffer unconditionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53350",
"url": "https://www.suse.com/security/cve/CVE-2023-53350"
},
{
"category": "external",
"summary": "SUSE Bug 1250012 for CVE-2023-53350",
"url": "https://bugzilla.suse.com/1250012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53350"
},
{
"cve": "CVE-2023-53352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: check null pointer before accessing when swapping\n\nAdd a check to avoid null pointer dereference as below:\n\n[ 90.002283] general protection fault, probably for non-canonical\naddress 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[ 90.002292] KASAN: null-ptr-deref in range\n[0x0000000000000000-0x0000000000000007]\n[ 90.002346] ? exc_general_protection+0x159/0x240\n[ 90.002352] ? asm_exc_general_protection+0x26/0x30\n[ 90.002357] ? ttm_bo_evict_swapout_allowable+0x322/0x5e0 [ttm]\n[ 90.002365] ? ttm_bo_evict_swapout_allowable+0x42e/0x5e0 [ttm]\n[ 90.002373] ttm_bo_swapout+0x134/0x7f0 [ttm]\n[ 90.002383] ? __pfx_ttm_bo_swapout+0x10/0x10 [ttm]\n[ 90.002391] ? lock_acquire+0x44d/0x4f0\n[ 90.002398] ? ttm_device_swapout+0xa5/0x260 [ttm]\n[ 90.002412] ? lock_acquired+0x355/0xa00\n[ 90.002416] ? do_raw_spin_trylock+0xb6/0x190\n[ 90.002421] ? __pfx_lock_acquired+0x10/0x10\n[ 90.002426] ? ttm_global_swapout+0x25/0x210 [ttm]\n[ 90.002442] ttm_device_swapout+0x198/0x260 [ttm]\n[ 90.002456] ? __pfx_ttm_device_swapout+0x10/0x10 [ttm]\n[ 90.002472] ttm_global_swapout+0x75/0x210 [ttm]\n[ 90.002486] ttm_tt_populate+0x187/0x3f0 [ttm]\n[ 90.002501] ttm_bo_handle_move_mem+0x437/0x590 [ttm]\n[ 90.002517] ttm_bo_validate+0x275/0x430 [ttm]\n[ 90.002530] ? __pfx_ttm_bo_validate+0x10/0x10 [ttm]\n[ 90.002544] ? kasan_save_stack+0x33/0x60\n[ 90.002550] ? kasan_set_track+0x25/0x30\n[ 90.002554] ? __kasan_kmalloc+0x8f/0xa0\n[ 90.002558] ? amdgpu_gtt_mgr_new+0x81/0x420 [amdgpu]\n[ 90.003023] ? ttm_resource_alloc+0xf6/0x220 [ttm]\n[ 90.003038] amdgpu_bo_pin_restricted+0x2dd/0x8b0 [amdgpu]\n[ 90.003210] ? __x64_sys_ioctl+0x131/0x1a0\n[ 90.003210] ? do_syscall_64+0x60/0x90",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53352",
"url": "https://www.suse.com/security/cve/CVE-2023-53352"
},
{
"category": "external",
"summary": "SUSE Bug 1250006 for CVE-2023-53352",
"url": "https://bugzilla.suse.com/1250006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53352"
},
{
"cve": "CVE-2023-53354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nskbuff: skb_segment, Call zero copy functions before using skbuff frags\n\nCommit bf5c25d60861 (\"skbuff: in skb_segment, call zerocopy functions\nonce per nskb\") added the call to zero copy functions in skb_segment().\nThe change introduced a bug in skb_segment() because skb_orphan_frags()\nmay possibly change the number of fragments or allocate new fragments\naltogether leaving nrfrags and frag to point to the old values. This can\ncause a panic with stacktrace like the one below.\n\n[ 193.894380] BUG: kernel NULL pointer dereference, address: 00000000000000bc\n[ 193.895273] CPU: 13 PID: 18164 Comm: vh-net-17428 Kdump: loaded Tainted: G O 5.15.123+ #26\n[ 193.903919] RIP: 0010:skb_segment+0xb0e/0x12f0\n[ 194.021892] Call Trace:\n[ 194.027422] \u003cTASK\u003e\n[ 194.072861] tcp_gso_segment+0x107/0x540\n[ 194.082031] inet_gso_segment+0x15c/0x3d0\n[ 194.090783] skb_mac_gso_segment+0x9f/0x110\n[ 194.095016] __skb_gso_segment+0xc1/0x190\n[ 194.103131] netem_enqueue+0x290/0xb10 [sch_netem]\n[ 194.107071] dev_qdisc_enqueue+0x16/0x70\n[ 194.110884] __dev_queue_xmit+0x63b/0xb30\n[ 194.121670] bond_start_xmit+0x159/0x380 [bonding]\n[ 194.128506] dev_hard_start_xmit+0xc3/0x1e0\n[ 194.131787] __dev_queue_xmit+0x8a0/0xb30\n[ 194.138225] macvlan_start_xmit+0x4f/0x100 [macvlan]\n[ 194.141477] dev_hard_start_xmit+0xc3/0x1e0\n[ 194.144622] sch_direct_xmit+0xe3/0x280\n[ 194.147748] __dev_queue_xmit+0x54a/0xb30\n[ 194.154131] tap_get_user+0x2a8/0x9c0 [tap]\n[ 194.157358] tap_sendmsg+0x52/0x8e0 [tap]\n[ 194.167049] handle_tx_zerocopy+0x14e/0x4c0 [vhost_net]\n[ 194.173631] handle_tx+0xcd/0xe0 [vhost_net]\n[ 194.176959] vhost_worker+0x76/0xb0 [vhost]\n[ 194.183667] kthread+0x118/0x140\n[ 194.190358] ret_from_fork+0x1f/0x30\n[ 194.193670] \u003c/TASK\u003e\n\nIn this case calling skb_orphan_frags() updated nr_frags leaving nrfrags\nlocal variable in skb_segment() stale. This resulted in the code hitting\ni \u003e= nrfrags prematurely and trying to move to next frag_skb using\nlist_skb pointer, which was NULL, and caused kernel panic. Move the call\nto zero copy functions before using frags and nr_frags.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53354",
"url": "https://www.suse.com/security/cve/CVE-2023-53354"
},
{
"category": "external",
"summary": "SUSE Bug 1250004 for CVE-2023-53354",
"url": "https://bugzilla.suse.com/1250004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53354"
},
{
"cve": "CVE-2023-53356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53356"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Add null pointer check in gserial_suspend\n\nConsider a case where gserial_disconnect has already cleared\ngser-\u003eioport. And if gserial_suspend gets called afterwards,\nit will lead to accessing of gser-\u003eioport and thus causing\nnull pointer dereference.\n\nAvoid this by adding a null pointer check. Added a static\nspinlock to prevent gser-\u003eioport from becoming null after\nthe newly added null pointer check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53356",
"url": "https://www.suse.com/security/cve/CVE-2023-53356"
},
{
"category": "external",
"summary": "SUSE Bug 1249997 for CVE-2023-53356",
"url": "https://bugzilla.suse.com/1249997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53356"
},
{
"cve": "CVE-2023-53357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53357"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: check slab-out-of-bounds in md_bitmap_get_counter\n\nIf we write a large number to md/bitmap_set_bits, md_bitmap_checkpage()\nwill return -EINVAL because \u0027page \u003e= bitmap-\u003epages\u0027, but the return value\nwas not checked immediately in md_bitmap_get_counter() in order to set\n*blocks value and slab-out-of-bounds occurs.\n\nMove check of \u0027page \u003e= bitmap-\u003epages\u0027 to md_bitmap_get_counter() and\nreturn directly if true.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53357",
"url": "https://www.suse.com/security/cve/CVE-2023-53357"
},
{
"category": "external",
"summary": "SUSE Bug 1249994 for CVE-2023-53357",
"url": "https://bugzilla.suse.com/1249994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53357"
},
{
"cve": "CVE-2023-53360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53360"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2: Rework scratch handling for READ_PLUS (again)\n\nI found that the read code might send multiple requests using the same\nnfs_pgio_header, but nfs4_proc_read_setup() is only called once. This is\nhow we ended up occasionally double-freeing the scratch buffer, but also\nmeans we set a NULL pointer but non-zero length to the xdr scratch\nbuffer. This results in an oops the first time decoding needs to copy\nsomething to scratch, which frequently happens when decoding READ_PLUS\nhole segments.\n\nI fix this by moving scratch handling into the pageio read code. I\nprovide a function to allocate scratch space for decoding read replies,\nand free the scratch buffer when the nfs_pgio_header is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53360",
"url": "https://www.suse.com/security/cve/CVE-2023-53360"
},
{
"category": "external",
"summary": "SUSE Bug 1249990 for CVE-2023-53360",
"url": "https://bugzilla.suse.com/1249990"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53360"
},
{
"cve": "CVE-2023-53362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: don\u0027t assume child devices are all fsl-mc devices\n\nChanges in VFIO caused a pseudo-device to be created as child of\nfsl-mc devices causing a crash [1] when trying to bind a fsl-mc\ndevice to VFIO. Fix this by checking the device type when enumerating\nfsl-mc child devices.\n\n[1]\nModules linked in:\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nCPU: 6 PID: 1289 Comm: sh Not tainted 6.2.0-rc5-00047-g7c46948a6e9c #2\nHardware name: NXP Layerscape LX2160ARDB (DT)\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mc_send_command+0x24/0x1f0\nlr : dprc_get_obj_region+0xfc/0x1c0\nsp : ffff80000a88b900\nx29: ffff80000a88b900 x28: ffff48a9429e1400 x27: 00000000000002b2\nx26: ffff48a9429e1718 x25: 0000000000000000 x24: 0000000000000000\nx23: ffffd59331ba3918 x22: ffffd59331ba3000 x21: 0000000000000000\nx20: ffff80000a88b9b8 x19: 0000000000000000 x18: 0000000000000001\nx17: 7270642f636d2d6c x16: 73662e3030303030 x15: ffffffffffffffff\nx14: ffffd59330f1d668 x13: ffff48a8727dc389 x12: ffff48a8727dc386\nx11: 0000000000000002 x10: 00008ceaf02f35d4 x9 : 0000000000000012\nx8 : 0000000000000000 x7 : 0000000000000006 x6 : ffff80000a88bab0\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000a88b9e8\nx2 : ffff80000a88b9e8 x1 : 0000000000000000 x0 : ffff48a945142b80\nCall trace:\n mc_send_command+0x24/0x1f0\n dprc_get_obj_region+0xfc/0x1c0\n fsl_mc_device_add+0x340/0x590\n fsl_mc_obj_device_add+0xd0/0xf8\n dprc_scan_objects+0x1c4/0x340\n dprc_scan_container+0x38/0x60\n vfio_fsl_mc_probe+0x9c/0xf8\n fsl_mc_driver_probe+0x24/0x70\n really_probe+0xbc/0x2a8\n __driver_probe_device+0x78/0xe0\n device_driver_attach+0x30/0x68\n bind_store+0xa8/0x130\n drv_attr_store+0x24/0x38\n sysfs_kf_write+0x44/0x60\n kernfs_fop_write_iter+0x128/0x1b8\n vfs_write+0x334/0x448\n ksys_write+0x68/0xf0\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x44/0x108\n el0_svc_common.constprop.1+0x94/0xf8\n do_el0_svc+0x38/0xb0\n el0_svc+0x20/0x50\n el0t_64_sync_handler+0x98/0xc0\n el0t_64_sync+0x174/0x178\nCode: aa0103f4 a9025bf5 d5384100 b9400801 (79401260)\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53362",
"url": "https://www.suse.com/security/cve/CVE-2023-53362"
},
{
"category": "external",
"summary": "SUSE Bug 1249993 for CVE-2023-53362",
"url": "https://bugzilla.suse.com/1249993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53362"
},
{
"cve": "CVE-2023-53364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: da9063: better fix null deref with partial DT\n\nTwo versions of the original patch were sent but V1 was merged instead\nof V2 due to a mistake.\n\nSo update to V2.\n\nThe advantage of V2 is that it completely avoids dereferencing the pointer,\neven just to take the address, which may fix problems with some compilers.\nBoth versions work on my gcc 9.4 but use the safer one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53364",
"url": "https://www.suse.com/security/cve/CVE-2023-53364"
},
{
"category": "external",
"summary": "SUSE Bug 1249984 for CVE-2023-53364",
"url": "https://bugzilla.suse.com/1249984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53364"
},
{
"cve": "CVE-2023-53365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6mr: Fix skb_under_panic in ip6mr_cache_report()\n\nskbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4\n head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg\n ------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:192!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n Workqueue: ipv6_addrconf addrconf_dad_work\n RIP: 0010:skb_panic+0x152/0x1d0\n Call Trace:\n \u003cTASK\u003e\n skb_push+0xc4/0xe0\n ip6mr_cache_report+0xd69/0x19b0\n reg_vif_xmit+0x406/0x690\n dev_hard_start_xmit+0x17e/0x6e0\n __dev_queue_xmit+0x2d6a/0x3d20\n vlan_dev_hard_start_xmit+0x3ab/0x5c0\n dev_hard_start_xmit+0x17e/0x6e0\n __dev_queue_xmit+0x2d6a/0x3d20\n neigh_connected_output+0x3ed/0x570\n ip6_finish_output2+0x5b5/0x1950\n ip6_finish_output+0x693/0x11c0\n ip6_output+0x24b/0x880\n NF_HOOK.constprop.0+0xfd/0x530\n ndisc_send_skb+0x9db/0x1400\n ndisc_send_rs+0x12a/0x6c0\n addrconf_dad_completed+0x3c9/0xea0\n addrconf_dad_work+0x849/0x1420\n process_one_work+0xa22/0x16e0\n worker_thread+0x679/0x10c0\n ret_from_fork+0x28/0x60\n ret_from_fork_asm+0x11/0x20\n\nWhen setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit().\nreg_vif_xmit()\n ip6mr_cache_report()\n skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4\nAnd skb_push declared as:\n\tvoid *skb_push(struct sk_buff *skb, unsigned int len);\n\t\tskb-\u003edata -= len;\n\t\t//0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850\nskb-\u003edata is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53365",
"url": "https://www.suse.com/security/cve/CVE-2023-53365"
},
{
"category": "external",
"summary": "SUSE Bug 1249988 for CVE-2023-53365",
"url": "https://bugzilla.suse.com/1249988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53365"
},
{
"cve": "CVE-2023-53367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53367"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/habanalabs: fix mem leak in capture user mappings\n\nThis commit fixes a memory leak caused when clearing the user_mappings\ninfo when a new context is opened immediately after user_mapping is\ncaptured and a hard reset is performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53367",
"url": "https://www.suse.com/security/cve/CVE-2023-53367"
},
{
"category": "external",
"summary": "SUSE Bug 1250243 for CVE-2023-53367",
"url": "https://bugzilla.suse.com/1250243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53367"
},
{
"cve": "CVE-2023-53368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53368"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix race issue between cpu buffer write and swap\n\nWarning happened in rb_end_commit() at code:\n\tif (RB_WARN_ON(cpu_buffer, !local_read(\u0026cpu_buffer-\u003ecommitting)))\n\n WARNING: CPU: 0 PID: 139 at kernel/trace/ring_buffer.c:3142\n\trb_commit+0x402/0x4a0\n Call Trace:\n ring_buffer_unlock_commit+0x42/0x250\n trace_buffer_unlock_commit_regs+0x3b/0x250\n trace_event_buffer_commit+0xe5/0x440\n trace_event_buffer_reserve+0x11c/0x150\n trace_event_raw_event_sched_switch+0x23c/0x2c0\n __traceiter_sched_switch+0x59/0x80\n __schedule+0x72b/0x1580\n schedule+0x92/0x120\n worker_thread+0xa0/0x6f0\n\nIt is because the race between writing event into cpu buffer and swapping\ncpu buffer through file per_cpu/cpu0/snapshot:\n\n Write on CPU 0 Swap buffer by per_cpu/cpu0/snapshot on CPU 1\n -------- --------\n tracing_snapshot_write()\n [...]\n\n ring_buffer_lock_reserve()\n cpu_buffer = buffer-\u003ebuffers[cpu]; // 1. Suppose find \u0027cpu_buffer_a\u0027;\n [...]\n rb_reserve_next_event()\n [...]\n\n ring_buffer_swap_cpu()\n if (local_read(\u0026cpu_buffer_a-\u003ecommitting))\n goto out_dec;\n if (local_read(\u0026cpu_buffer_b-\u003ecommitting))\n goto out_dec;\n buffer_a-\u003ebuffers[cpu] = cpu_buffer_b;\n buffer_b-\u003ebuffers[cpu] = cpu_buffer_a;\n // 2. cpu_buffer has swapped here.\n\n rb_start_commit(cpu_buffer);\n if (unlikely(READ_ONCE(cpu_buffer-\u003ebuffer)\n != buffer)) { // 3. This check passed due to \u0027cpu_buffer-\u003ebuffer\u0027\n [...] // has not changed here.\n return NULL;\n }\n cpu_buffer_b-\u003ebuffer = buffer_a;\n cpu_buffer_a-\u003ebuffer = buffer_b;\n [...]\n\n // 4. Reserve event from \u0027cpu_buffer_a\u0027.\n\n ring_buffer_unlock_commit()\n [...]\n cpu_buffer = buffer-\u003ebuffers[cpu]; // 5. Now find \u0027cpu_buffer_b\u0027 !!!\n rb_commit(cpu_buffer)\n rb_end_commit() // 6. WARN for the wrong \u0027committing\u0027 state !!!\n\nBased on above analysis, we can easily reproduce by following testcase:\n ``` bash\n #!/bin/bash\n\n dmesg -n 7\n sysctl -w kernel.panic_on_warn=1\n TR=/sys/kernel/tracing\n echo 7 \u003e ${TR}/buffer_size_kb\n echo \"sched:sched_switch\" \u003e ${TR}/set_event\n while [ true ]; do\n echo 1 \u003e ${TR}/per_cpu/cpu0/snapshot\n done \u0026\n while [ true ]; do\n echo 1 \u003e ${TR}/per_cpu/cpu0/snapshot\n done \u0026\n while [ true ]; do\n echo 1 \u003e ${TR}/per_cpu/cpu0/snapshot\n done \u0026\n ```\n\nTo fix it, IIUC, we can use smp_call_function_single() to do the swap on\nthe target cpu where the buffer is located, so that above race would be\navoided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53368",
"url": "https://www.suse.com/security/cve/CVE-2023-53368"
},
{
"category": "external",
"summary": "SUSE Bug 1249979 for CVE-2023-53368",
"url": "https://bugzilla.suse.com/1249979"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53368"
},
{
"cve": "CVE-2023-53369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dcb: choose correct policy to parse DCB_ATTR_BCN\n\nThe dcbnl_bcn_setcfg uses erroneous policy to parse tb[DCB_ATTR_BCN],\nwhich is introduced in commit 859ee3c43812 (\"DCB: Add support for DCB\nBCN\"). Please see the comment in below code\n\nstatic int dcbnl_bcn_setcfg(...)\n{\n ...\n ret = nla_parse_nested_deprecated(..., dcbnl_pfc_up_nest, .. )\n // !!! dcbnl_pfc_up_nest for attributes\n // DCB_PFC_UP_ATTR_0 to DCB_PFC_UP_ATTR_ALL in enum dcbnl_pfc_up_attrs\n ...\n for (i = DCB_BCN_ATTR_RP_0; i \u003c= DCB_BCN_ATTR_RP_7; i++) {\n // !!! DCB_BCN_ATTR_RP_0 to DCB_BCN_ATTR_RP_7 in enum dcbnl_bcn_attrs\n ...\n value_byte = nla_get_u8(data[i]);\n ...\n }\n ...\n for (i = DCB_BCN_ATTR_BCNA_0; i \u003c= DCB_BCN_ATTR_RI; i++) {\n // !!! DCB_BCN_ATTR_BCNA_0 to DCB_BCN_ATTR_RI in enum dcbnl_bcn_attrs\n ...\n value_int = nla_get_u32(data[i]);\n ...\n }\n ...\n}\n\nThat is, the nla_parse_nested_deprecated uses dcbnl_pfc_up_nest\nattributes to parse nlattr defined in dcbnl_pfc_up_attrs. But the\nfollowing access code fetch each nlattr as dcbnl_bcn_attrs attributes.\nBy looking up the associated nla_policy for dcbnl_bcn_attrs. We can find\nthe beginning part of these two policies are \"same\".\n\nstatic const struct nla_policy dcbnl_pfc_up_nest[...] = {\n [DCB_PFC_UP_ATTR_0] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_1] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_2] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_3] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_4] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_5] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_6] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_7] = {.type = NLA_U8},\n [DCB_PFC_UP_ATTR_ALL] = {.type = NLA_FLAG},\n};\n\nstatic const struct nla_policy dcbnl_bcn_nest[...] = {\n [DCB_BCN_ATTR_RP_0] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_1] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_2] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_3] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_4] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_5] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_6] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_7] = {.type = NLA_U8},\n [DCB_BCN_ATTR_RP_ALL] = {.type = NLA_FLAG},\n // from here is somewhat different\n [DCB_BCN_ATTR_BCNA_0] = {.type = NLA_U32},\n ...\n [DCB_BCN_ATTR_ALL] = {.type = NLA_FLAG},\n};\n\nTherefore, the current code is buggy and this\nnla_parse_nested_deprecated could overflow the dcbnl_pfc_up_nest and use\nthe adjacent nla_policy to parse attributes from DCB_BCN_ATTR_BCNA_0.\n\nHence use the correct policy dcbnl_bcn_nest to parse the nested\ntb[DCB_ATTR_BCN] TLV.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53369",
"url": "https://www.suse.com/security/cve/CVE-2023-53369"
},
{
"category": "external",
"summary": "SUSE Bug 1250206 for CVE-2023-53369",
"url": "https://bugzilla.suse.com/1250206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53369"
},
{
"cve": "CVE-2023-53370",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53370"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix memory leak in mes self test\n\nThe fences associated with mes queue have to be freed\nup during amdgpu_ring_fini.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53370",
"url": "https://www.suse.com/security/cve/CVE-2023-53370"
},
{
"category": "external",
"summary": "SUSE Bug 1250208 for CVE-2023-53370",
"url": "https://bugzilla.suse.com/1250208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53370"
},
{
"cve": "CVE-2023-53371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create\n\nThe memory pointed to by the fs-\u003eany pointer is not freed in the error\npath of mlx5e_fs_tt_redirect_any_create, which can lead to a memory leak.\nFix by freeing the memory in the error path, thereby making the error path\nidentical to mlx5e_fs_tt_redirect_any_destroy().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53371",
"url": "https://www.suse.com/security/cve/CVE-2023-53371"
},
{
"category": "external",
"summary": "SUSE Bug 1250112 for CVE-2023-53371",
"url": "https://bugzilla.suse.com/1250112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53371"
},
{
"cve": "CVE-2023-53374",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53374"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_conn: fail SCO/ISO via hci_conn_failed if ACL gone early\n\nNot calling hci_(dis)connect_cfm before deleting conn referred to by a\nsocket generally results to use-after-free.\n\nWhen cleaning up SCO connections when the parent ACL is deleted too\nearly, use hci_conn_failed to do the connection cleanup properly.\n\nWe also need to clean up ISO connections in a similar situation when\nconnecting has started but LE Create CIS is not yet sent, so do it too\nhere.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53374",
"url": "https://www.suse.com/security/cve/CVE-2023-53374"
},
{
"category": "external",
"summary": "SUSE Bug 1250196 for CVE-2023-53374",
"url": "https://bugzilla.suse.com/1250196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53374"
},
{
"cve": "CVE-2023-53377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: prevent use-after-free by freeing the cfile later\n\nIn smb2_compound_op we have a possible use-after-free\nwhich can cause hard to debug problems later on.\n\nThis was revealed during stress testing with KASAN enabled\nkernel. Fixing it by moving the cfile free call to\na few lines below, after the usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53377",
"url": "https://www.suse.com/security/cve/CVE-2023-53377"
},
{
"category": "external",
"summary": "SUSE Bug 1250161 for CVE-2023-53377",
"url": "https://bugzilla.suse.com/1250161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53377"
},
{
"cve": "CVE-2023-53379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53379"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()\n\nSmatch reports:\ndrivers/usb/phy/phy-tahvo.c: tahvo_usb_probe()\nwarn: missing unwind goto?\n\nAfter geting irq, if ret \u003c 0, it will return without error handling to\nfree memory.\nJust add error handling to fix this problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53379",
"url": "https://www.suse.com/security/cve/CVE-2023-53379"
},
{
"category": "external",
"summary": "SUSE Bug 1250128 for CVE-2023-53379",
"url": "https://bugzilla.suse.com/1250128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53379"
},
{
"cve": "CVE-2023-53380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53380"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix null-ptr-deref of mreplace in raid10_sync_request\n\nThere are two check of \u0027mreplace\u0027 in raid10_sync_request(). In the first\ncheck, \u0027need_replace\u0027 will be set and \u0027mreplace\u0027 will be used later if\nno-Faulty \u0027mreplace\u0027 exists, In the second check, \u0027mreplace\u0027 will be\nset to NULL if it is Faulty, but \u0027need_replace\u0027 will not be changed\naccordingly. null-ptr-deref occurs if Faulty is set between two check.\n\nFix it by merging two checks into one. And replace \u0027need_replace\u0027 with\n\u0027mreplace\u0027 because their values are always the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53380",
"url": "https://www.suse.com/security/cve/CVE-2023-53380"
},
{
"category": "external",
"summary": "SUSE Bug 1250198 for CVE-2023-53380",
"url": "https://bugzilla.suse.com/1250198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53380"
},
{
"cve": "CVE-2023-53384",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53384"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: avoid possible NULL skb pointer dereference\n\nIn \u0027mwifiex_handle_uap_rx_forward()\u0027, always check the value\nreturned by \u0027skb_copy()\u0027 to avoid potential NULL pointer\ndereference in \u0027mwifiex_uap_queue_bridged_pkt()\u0027, and drop\noriginal skb in case of copying failure.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53384",
"url": "https://www.suse.com/security/cve/CVE-2023-53384"
},
{
"category": "external",
"summary": "SUSE Bug 1250127 for CVE-2023-53384",
"url": "https://bugzilla.suse.com/1250127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53384"
},
{
"cve": "CVE-2023-53385",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53385"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mdp3: Fix resource leaks in of_find_device_by_node\n\nUse put_device to release the object get through of_find_device_by_node,\navoiding resource leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53385",
"url": "https://www.suse.com/security/cve/CVE-2023-53385"
},
{
"category": "external",
"summary": "SUSE Bug 1250319 for CVE-2023-53385",
"url": "https://bugzilla.suse.com/1250319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53385"
},
{
"cve": "CVE-2023-53386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix potential use-after-free when clear keys\n\nSimilar to commit c5d2b6fa26b5 (\"Bluetooth: Fix use-after-free in\nhci_remove_ltk/hci_remove_irk\"). We can not access k after kfree_rcu()\ncall.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53386",
"url": "https://www.suse.com/security/cve/CVE-2023-53386"
},
{
"category": "external",
"summary": "SUSE Bug 1250106 for CVE-2023-53386",
"url": "https://bugzilla.suse.com/1250106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53386"
},
{
"cve": "CVE-2023-53391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53391"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nshmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs\n\nAs the ramfs-based tmpfs uses ramfs_init_fs_context() for the\ninit_fs_context method, which allocates fc-\u003es_fs_info, use ramfs_kill_sb()\nto free it and avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53391",
"url": "https://www.suse.com/security/cve/CVE-2023-53391"
},
{
"category": "external",
"summary": "SUSE Bug 1250117 for CVE-2023-53391",
"url": "https://bugzilla.suse.com/1250117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53391"
},
{
"cve": "CVE-2023-53394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53394"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: xsk: Fix crash on regular rq reactivation\n\nWhen the regular rq is reactivated after the XSK socket is closed\nit could be reading stale cqes which eventually corrupts the rq.\nThis leads to no more traffic being received on the regular rq and a\ncrash on the next close or deactivation of the rq.\n\nKal Cuttler Conely reported this issue as a crash on the release\npath when the xdpsock sample program is stopped (killed) and restarted\nin sequence while traffic is running.\n\nThis patch flushes all cqes when during the rq flush. The cqe flushing\nis done in the reset state of the rq. mlx5e_rq_to_ready code is moved\ninto the flush function to allow for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53394",
"url": "https://www.suse.com/security/cve/CVE-2023-53394"
},
{
"category": "external",
"summary": "SUSE Bug 1250199 for CVE-2023-53394",
"url": "https://bugzilla.suse.com/1250199"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53394"
},
{
"cve": "CVE-2023-53395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer\n\nACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5\n\nAccording to the ACPI specification 19.6.134, no argument is required to be passed for ASL Timer instruction. For taking care of no argument, AML_NO_OPERAND_RESOLVE flag is added to ASL Timer instruction opcode.\n\nWhen ASL timer instruction interpreted by ACPI interpreter, getting error. After adding AML_NO_OPERAND_RESOLVE flag to ASL Timer instruction opcode, issue is not observed.\n\n=============================================================\nUBSAN: array-index-out-of-bounds in acpica/dswexec.c:401:12 index -1 is out of range for type \u0027union acpi_operand_object *[9]\u0027\nCPU: 37 PID: 1678 Comm: cat Not tainted\n6.0.0-dev-th500-6.0.y-1+bcf8c46459e407-generic-64k\nHW name: NVIDIA BIOS v1.1.1-d7acbfc-dirty 12/19/2022 Call trace:\n dump_backtrace+0xe0/0x130\n show_stack+0x20/0x60\n dump_stack_lvl+0x68/0x84\n dump_stack+0x18/0x34\n ubsan_epilogue+0x10/0x50\n __ubsan_handle_out_of_bounds+0x80/0x90\n acpi_ds_exec_end_op+0x1bc/0x6d8\n acpi_ps_parse_loop+0x57c/0x618\n acpi_ps_parse_aml+0x1e0/0x4b4\n acpi_ps_execute_method+0x24c/0x2b8\n acpi_ns_evaluate+0x3a8/0x4bc\n acpi_evaluate_object+0x15c/0x37c\n acpi_evaluate_integer+0x54/0x15c\n show_power+0x8c/0x12c [acpi_power_meter]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53395",
"url": "https://www.suse.com/security/cve/CVE-2023-53395"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2023-53395",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250358 for CVE-2023-53395",
"url": "https://bugzilla.suse.com/1250358"
},
{
"category": "external",
"summary": "SUSE Bug 1250359 for CVE-2023-53395",
"url": "https://bugzilla.suse.com/1250359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53395"
},
{
"cve": "CVE-2023-53397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53397"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmodpost: fix off by one in is_executable_section()\n\nThe \u003e comparison should be \u003e= to prevent an out of bounds array\naccess.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53397",
"url": "https://www.suse.com/security/cve/CVE-2023-53397"
},
{
"category": "external",
"summary": "SUSE Bug 1250125 for CVE-2023-53397",
"url": "https://bugzilla.suse.com/1250125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53397"
},
{
"cve": "CVE-2023-53401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53401"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()\n\nKCSAN found an issue in obj_stock_flush_required():\nstock-\u003ecached_objcg can be reset between the check and dereference:\n\n==================================================================\nBUG: KCSAN: data-race in drain_all_stock / drain_obj_stock\n\nwrite to 0xffff888237c2a2f8 of 8 bytes by task 19625 on cpu 0:\n drain_obj_stock+0x408/0x4e0 mm/memcontrol.c:3306\n refill_obj_stock+0x9c/0x1e0 mm/memcontrol.c:3340\n obj_cgroup_uncharge+0xe/0x10 mm/memcontrol.c:3408\n memcg_slab_free_hook mm/slab.h:587 [inline]\n __cache_free mm/slab.c:3373 [inline]\n __do_kmem_cache_free mm/slab.c:3577 [inline]\n kmem_cache_free+0x105/0x280 mm/slab.c:3602\n __d_free fs/dcache.c:298 [inline]\n dentry_free fs/dcache.c:375 [inline]\n __dentry_kill+0x422/0x4a0 fs/dcache.c:621\n dentry_kill+0x8d/0x1e0\n dput+0x118/0x1f0 fs/dcache.c:913\n __fput+0x3bf/0x570 fs/file_table.c:329\n ____fput+0x15/0x20 fs/file_table.c:349\n task_work_run+0x123/0x160 kernel/task_work.c:179\n resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]\n exit_to_user_mode_loop+0xcf/0xe0 kernel/entry/common.c:171\n exit_to_user_mode_prepare+0x6a/0xa0 kernel/entry/common.c:203\n __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]\n syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:296\n do_syscall_64+0x4d/0xc0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nread to 0xffff888237c2a2f8 of 8 bytes by task 19632 on cpu 1:\n obj_stock_flush_required mm/memcontrol.c:3319 [inline]\n drain_all_stock+0x174/0x2a0 mm/memcontrol.c:2361\n try_charge_memcg+0x6d0/0xd10 mm/memcontrol.c:2703\n try_charge mm/memcontrol.c:2837 [inline]\n mem_cgroup_charge_skmem+0x51/0x140 mm/memcontrol.c:7290\n sock_reserve_memory+0xb1/0x390 net/core/sock.c:1025\n sk_setsockopt+0x800/0x1e70 net/core/sock.c:1525\n udp_lib_setsockopt+0x99/0x6c0 net/ipv4/udp.c:2692\n udp_setsockopt+0x73/0xa0 net/ipv4/udp.c:2817\n sock_common_setsockopt+0x61/0x70 net/core/sock.c:3668\n __sys_setsockopt+0x1c3/0x230 net/socket.c:2271\n __do_sys_setsockopt net/socket.c:2282 [inline]\n __se_sys_setsockopt net/socket.c:2279 [inline]\n __x64_sys_setsockopt+0x66/0x80 net/socket.c:2279\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nvalue changed: 0xffff8881382d52c0 -\u003e 0xffff888138893740\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 19632 Comm: syz-executor.0 Not tainted 6.3.0-rc2-syzkaller-00387-g534293368afa #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023\n\nFix it by using READ_ONCE()/WRITE_ONCE() for all accesses to\nstock-\u003ecached_objcg.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53401",
"url": "https://www.suse.com/security/cve/CVE-2023-53401"
},
{
"category": "external",
"summary": "SUSE Bug 1250120 for CVE-2023-53401",
"url": "https://bugzilla.suse.com/1250120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53401"
},
{
"cve": "CVE-2023-53420",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53420"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()\n\nHere is a BUG report from syzbot:\n\nBUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]\nBUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710\nRead of size 1 at addr ffff888021acaf3d by task syz-executor128/3632\n\nCall Trace:\n ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]\n ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710\n vfs_listxattr fs/xattr.c:457 [inline]\n listxattr+0x293/0x2d0 fs/xattr.c:804\n\nFix the logic of ea_all iteration. When the ea-\u003ename_len is 0,\nreturn immediately, or Add2Ptr() would visit invalid memory\nin the next loop.\n\n[almaz.alexandrovich@paragon-software.com: lines of the patch have changed]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53420",
"url": "https://www.suse.com/security/cve/CVE-2023-53420"
},
{
"category": "external",
"summary": "SUSE Bug 1250186 for CVE-2023-53420",
"url": "https://bugzilla.suse.com/1250186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53420"
},
{
"cve": "CVE-2023-53421",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53421"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()\n\nWhen blkg_alloc() is called to allocate a blkcg_gq structure\nwith the associated blkg_iostat_set\u0027s, there are 2 fields within\nblkg_iostat_set that requires proper initialization - blkg \u0026 sync.\nThe former field was introduced by commit 3b8cc6298724 (\"blk-cgroup:\nOptimize blkcg_rstat_flush()\") while the later one was introduced by\ncommit f73316482977 (\"blk-cgroup: reimplement basic IO stats using\ncgroup rstat\").\n\nUnfortunately those fields in the blkg_iostat_set\u0027s are not properly\nre-initialized when they are cleared in v1\u0027s blkcg_reset_stats(). This\ncan lead to a kernel panic due to NULL pointer access of the blkg\npointer. The missing initialization of sync is less problematic and\ncan be a problem in a debug kernel due to missing lockdep initialization.\n\nFix these problems by re-initializing them after memory clearing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53421",
"url": "https://www.suse.com/security/cve/CVE-2023-53421"
},
{
"category": "external",
"summary": "SUSE Bug 1250171 for CVE-2023-53421",
"url": "https://bugzilla.suse.com/1250171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53421"
},
{
"cve": "CVE-2023-53424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53424"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: fix of_iomap memory leak\n\nSmatch reports:\ndrivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn:\n \u0027base\u0027 from of_iomap() not released on lines: 496.\n\nThis problem was also found in linux-next. In mtk_clk_simple_probe(),\nbase is not released when handling errors\nif clk_data is not existed, which may cause a leak.\nSo free_base should be added here to release base.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53424",
"url": "https://www.suse.com/security/cve/CVE-2023-53424"
},
{
"category": "external",
"summary": "SUSE Bug 1250169 for CVE-2023-53424",
"url": "https://bugzilla.suse.com/1250169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53424"
},
{
"cve": "CVE-2023-53425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: platform: mediatek: vpu: fix NULL ptr dereference\n\nIf pdev is NULL, then it is still dereferenced.\n\nThis fixes this smatch warning:\n\ndrivers/media/platform/mediatek/vpu/mtk_vpu.c:570 vpu_load_firmware() warn: address of NULL pointer \u0027pdev\u0027",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53425",
"url": "https://www.suse.com/security/cve/CVE-2023-53425"
},
{
"category": "external",
"summary": "SUSE Bug 1250290 for CVE-2023-53425",
"url": "https://bugzilla.suse.com/1250290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53425"
},
{
"cve": "CVE-2023-53426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53426"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix xsk_diag use-after-free error during socket cleanup\n\nFix a use-after-free error that is possible if the xsk_diag interface\nis used after the socket has been unbound from the device. This can\nhappen either due to the socket being closed or the device\ndisappearing. In the early days of AF_XDP, the way we tested that a\nsocket was not bound to a device was to simply check if the netdevice\npointer in the xsk socket structure was NULL. Later, a better system\nwas introduced by having an explicit state variable in the xsk socket\nstruct. For example, the state of a socket that is on the way to being\nclosed and has been unbound from the device is XSK_UNBOUND.\n\nThe commit in the Fixes tag below deleted the old way of signalling\nthat a socket is unbound, setting dev to NULL. This in the belief that\nall code using the old way had been exterminated. That was\nunfortunately not true as the xsk diagnostics code was still using the\nold way and thus does not work as intended when a socket is going\ndown. Fix this by introducing a test against the state variable. If\nthe socket is in the state XSK_UNBOUND, simply abort the diagnostic\u0027s\nnetlink operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53426",
"url": "https://www.suse.com/security/cve/CVE-2023-53426"
},
{
"category": "external",
"summary": "SUSE Bug 1250166 for CVE-2023-53426",
"url": "https://bugzilla.suse.com/1250166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53426"
},
{
"cve": "CVE-2023-53428",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53428"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowercap: arm_scmi: Remove recursion while parsing zones\n\nPowercap zones can be defined as arranged in a hierarchy of trees and when\nregistering a zone with powercap_register_zone(), the kernel powercap\nsubsystem expects this to happen starting from the root zones down to the\nleaves; on the other side, de-registration by powercap_deregister_zone()\nmust begin from the leaf zones.\n\nAvailable SCMI powercap zones are retrieved dynamically from the platform\nat probe time and, while any defined hierarchy between the zones is\ndescribed properly in the zones descriptor, the platform returns the\navailables zones with no particular well-defined order: as a consequence,\nthe trees possibly composing the hierarchy of zones have to be somehow\nwalked properly to register the retrieved zones from the root.\n\nCurrently the ARM SCMI Powercap driver walks the zones using a recursive\nalgorithm; this approach, even though correct and tested can lead to kernel\nstack overflow when processing a returned hierarchy of zones composed by\nparticularly high trees.\n\nAvoid possible kernel stack overflow by substituting the recursive approach\nwith an iterative one supported by a dynamically allocated stack-like data\nstructure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53428",
"url": "https://www.suse.com/security/cve/CVE-2023-53428"
},
{
"category": "external",
"summary": "SUSE Bug 1250167 for CVE-2023-53428",
"url": "https://bugzilla.suse.com/1250167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53428"
},
{
"cve": "CVE-2023-53429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53429"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t check PageError in __extent_writepage\n\n__extent_writepage currenly sets PageError whenever any error happens,\nand the also checks for PageError to decide if to call error handling.\nThis leads to very unclear responsibility for cleaning up on errors.\nIn the VM and generic writeback helpers the basic idea is that once\nI/O is fired off all error handling responsibility is delegated to the\nend I/O handler. But if that end I/O handler sets the PageError bit,\nand the submitter checks it, the bit could in some cases leak into the\nsubmission context for fast enough I/O.\n\nFix this by simply not checking PageError and just using the local\nret variable to check for submission errors. This also fundamentally\nsolves the long problem documented in a comment in __extent_writepage\nby never leaking the error bit into the submission context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53429",
"url": "https://www.suse.com/security/cve/CVE-2023-53429"
},
{
"category": "external",
"summary": "SUSE Bug 1250384 for CVE-2023-53429",
"url": "https://bugzilla.suse.com/1250384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53429"
},
{
"cve": "CVE-2023-53432",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53432"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: net: fix use after free in fwnet_finish_incoming_packet()\n\nThe netif_rx() function frees the skb so we can\u0027t dereference it to\nsave the skb-\u003elen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53432",
"url": "https://www.suse.com/security/cve/CVE-2023-53432"
},
{
"category": "external",
"summary": "SUSE Bug 1250426 for CVE-2023-53432",
"url": "https://bugzilla.suse.com/1250426"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53432"
},
{
"cve": "CVE-2023-53436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53436"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: snic: Fix possible memory leak if device_add() fails\n\nIf device_add() returns error, the name allocated by dev_set_name() needs\nbe freed. As the comment of device_add() says, put_device() should be used\nto give up the reference in the error path. So fix this by calling\nput_device(), then the name can be freed in kobject_cleanp().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53436",
"url": "https://www.suse.com/security/cve/CVE-2023-53436"
},
{
"category": "external",
"summary": "SUSE Bug 1250156 for CVE-2023-53436",
"url": "https://bugzilla.suse.com/1250156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53436"
},
{
"cve": "CVE-2023-53438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53438"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/MCE: Always save CS register on AMD Zen IF Poison errors\n\nThe Instruction Fetch (IF) units on current AMD Zen-based systems do not\nguarantee a synchronous #MC is delivered for poison consumption errors.\nTherefore, MCG_STATUS[EIPV|RIPV] will not be set. However, the\nmicroarchitecture does guarantee that the exception is delivered within\nthe same context. In other words, the exact rIP is not known, but the\ncontext is known to not have changed.\n\nThere is no architecturally-defined method to determine this behavior.\n\nThe Code Segment (CS) register is always valid on such IF unit poison\nerrors regardless of the value of MCG_STATUS[EIPV|RIPV].\n\nAdd a quirk to save the CS register for poison consumption from the IF\nunit banks.\n\nThis is needed to properly determine the context of the error.\nOtherwise, the severity grading function will assume the context is\nIN_KERNEL due to the m-\u003ecs value being 0 (the initialized value). This\nleads to unnecessary kernel panics on data poison errors due to the\nkernel believing the poison consumption occurred in kernel context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53438",
"url": "https://www.suse.com/security/cve/CVE-2023-53438"
},
{
"category": "external",
"summary": "SUSE Bug 1250180 for CVE-2023-53438",
"url": "https://bugzilla.suse.com/1250180"
},
{
"category": "external",
"summary": "SUSE Bug 1250708 for CVE-2023-53438",
"url": "https://bugzilla.suse.com/1250708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53438"
},
{
"cve": "CVE-2023-53441",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53441"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: cpumap: Fix memory leak in cpu_map_update_elem\n\nSyzkaller reported a memory leak as follows:\n\nBUG: memory leak\nunreferenced object 0xff110001198ef748 (size 192):\n comm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\n hex dump (first 32 bytes):\n 00 00 00 00 4a 19 00 00 80 ad e3 e4 fe ff c0 00 ....J...........\n 00 b2 d3 0c 01 00 11 ff 28 f5 8e 19 01 00 11 ff ........(.......\n backtrace:\n [\u003cffffffffadd28087\u003e] __cpu_map_entry_alloc+0xf7/0xb00\n [\u003cffffffffadd28d8e\u003e] cpu_map_update_elem+0x2fe/0x3d0\n [\u003cffffffffadc6d0fd\u003e] bpf_map_update_value.isra.0+0x2bd/0x520\n [\u003cffffffffadc7349b\u003e] map_update_elem+0x4cb/0x720\n [\u003cffffffffadc7d983\u003e] __se_sys_bpf+0x8c3/0xb90\n [\u003cffffffffb029cc80\u003e] do_syscall_64+0x30/0x40\n [\u003cffffffffb0400099\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nBUG: memory leak\nunreferenced object 0xff110001198ef528 (size 192):\n comm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003cffffffffadd281f0\u003e] __cpu_map_entry_alloc+0x260/0xb00\n [\u003cffffffffadd28d8e\u003e] cpu_map_update_elem+0x2fe/0x3d0\n [\u003cffffffffadc6d0fd\u003e] bpf_map_update_value.isra.0+0x2bd/0x520\n [\u003cffffffffadc7349b\u003e] map_update_elem+0x4cb/0x720\n [\u003cffffffffadc7d983\u003e] __se_sys_bpf+0x8c3/0xb90\n [\u003cffffffffb029cc80\u003e] do_syscall_64+0x30/0x40\n [\u003cffffffffb0400099\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nBUG: memory leak\nunreferenced object 0xff1100010fd93d68 (size 8):\n comm \"syz-executor.3\", pid 17672, jiffies 4298118891 (age 9.906s)\n hex dump (first 8 bytes):\n 00 00 00 00 00 00 00 00 ........\n backtrace:\n [\u003cffffffffade5db3e\u003e] kvmalloc_node+0x11e/0x170\n [\u003cffffffffadd28280\u003e] __cpu_map_entry_alloc+0x2f0/0xb00\n [\u003cffffffffadd28d8e\u003e] cpu_map_update_elem+0x2fe/0x3d0\n [\u003cffffffffadc6d0fd\u003e] bpf_map_update_value.isra.0+0x2bd/0x520\n [\u003cffffffffadc7349b\u003e] map_update_elem+0x4cb/0x720\n [\u003cffffffffadc7d983\u003e] __se_sys_bpf+0x8c3/0xb90\n [\u003cffffffffb029cc80\u003e] do_syscall_64+0x30/0x40\n [\u003cffffffffb0400099\u003e] entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nIn the cpu_map_update_elem flow, when kthread_stop is called before\ncalling the threadfn of rcpu-\u003ekthread, since the KTHREAD_SHOULD_STOP bit\nof kthread has been set by kthread_stop, the threadfn of rcpu-\u003ekthread\nwill never be executed, and rcpu-\u003erefcnt will never be 0, which will\nlead to the allocated rcpu, rcpu-\u003equeue and rcpu-\u003equeue-\u003equeue cannot be\nreleased.\n\nCalling kthread_stop before executing kthread\u0027s threadfn will return\n-EINTR. We can complete the release of memory resources in this state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53441",
"url": "https://www.suse.com/security/cve/CVE-2023-53441"
},
{
"category": "external",
"summary": "SUSE Bug 1250150 for CVE-2023-53441",
"url": "https://bugzilla.suse.com/1250150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53441"
},
{
"cve": "CVE-2023-53442",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53442"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Block switchdev mode when ADQ is active and vice versa\n\nADQ and switchdev are not supported simultaneously. Enabling both at the\nsame time can result in nullptr dereference.\n\nTo prevent this, check if ADQ is active when changing devlink mode to\nswitchdev mode, and check if switchdev is active when enabling ADQ.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53442",
"url": "https://www.suse.com/security/cve/CVE-2023-53442"
},
{
"category": "external",
"summary": "SUSE Bug 1250201 for CVE-2023-53442",
"url": "https://bugzilla.suse.com/1250201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53442"
},
{
"cve": "CVE-2023-53444",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53444"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/ttm: fix bulk_move corruption when adding a entry\n\nWhen the resource is the first in the bulk_move range, adding it again\n(thus moving it to the tail) will corrupt the list since the first\npointer is not moved. This eventually lead to null pointer deref in\nttm_lru_bulk_move_del()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53444",
"url": "https://www.suse.com/security/cve/CVE-2023-53444"
},
{
"category": "external",
"summary": "SUSE Bug 1250157 for CVE-2023-53444",
"url": "https://bugzilla.suse.com/1250157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53444"
},
{
"cve": "CVE-2023-53446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53446"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free\n\nStruct pcie_link_state-\u003edownstream is a pointer to the pci_dev of function\n0. Previously we retained that pointer when removing function 0, and\nsubsequent ASPM policy changes dereferenced it, resulting in a\nuse-after-free warning from KASAN, e.g.:\n\n # echo 1 \u003e /sys/bus/pci/devices/0000:03:00.0/remove\n # echo powersave \u003e /sys/module/pcie_aspm/parameters/policy\n\n BUG: KASAN: slab-use-after-free in pcie_config_aspm_link+0x42d/0x500\n Call Trace:\n kasan_report+0xae/0xe0\n pcie_config_aspm_link+0x42d/0x500\n pcie_aspm_set_policy+0x8e/0x1a0\n param_attr_store+0x162/0x2c0\n module_attr_store+0x3e/0x80\n\nPCIe spec r6.0, sec 7.5.3.7, recommends that software program the same ASPM\nControl value in all functions of multi-function devices.\n\nDisable ASPM and free the pcie_link_state when any child function is\nremoved so we can discard the dangling pcie_link_state-\u003edownstream pointer\nand maintain the same ASPM Control configuration for all functions.\n\n[bhelgaas: commit log and comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53446",
"url": "https://www.suse.com/security/cve/CVE-2023-53446"
},
{
"category": "external",
"summary": "SUSE Bug 1250145 for CVE-2023-53446",
"url": "https://bugzilla.suse.com/1250145"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53446"
},
{
"cve": "CVE-2023-53447",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53447"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: don\u0027t reset unchangable mount option in f2fs_remount()\n\nsyzbot reports a bug as below:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN\nRIP: 0010:__lock_acquire+0x69/0x2000 kernel/locking/lockdep.c:4942\nCall Trace:\n lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5691\n __raw_write_lock include/linux/rwlock_api_smp.h:209 [inline]\n _raw_write_lock+0x2e/0x40 kernel/locking/spinlock.c:300\n __drop_extent_tree+0x3ac/0x660 fs/f2fs/extent_cache.c:1100\n f2fs_drop_extent_tree+0x17/0x30 fs/f2fs/extent_cache.c:1116\n f2fs_insert_range+0x2d5/0x3c0 fs/f2fs/file.c:1664\n f2fs_fallocate+0x4e4/0x6d0 fs/f2fs/file.c:1838\n vfs_fallocate+0x54b/0x6b0 fs/open.c:324\n ksys_fallocate fs/open.c:347 [inline]\n __do_sys_fallocate fs/open.c:355 [inline]\n __se_sys_fallocate fs/open.c:353 [inline]\n __x64_sys_fallocate+0xbd/0x100 fs/open.c:353\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is race condition as below:\n- since it tries to remount rw filesystem, so that do_remount won\u0027t\ncall sb_prepare_remount_readonly to block fallocate, there may be race\ncondition in between remount and fallocate.\n- in f2fs_remount(), default_options() will reset mount option to default\none, and then update it based on result of parse_options(), so there is\na hole which race condition can happen.\n\nThread A\t\t\tThread B\n- f2fs_fill_super\n - parse_options\n - clear_opt(READ_EXTENT_CACHE)\n\n- f2fs_remount\n - default_options\n - set_opt(READ_EXTENT_CACHE)\n\t\t\t\t- f2fs_fallocate\n\t\t\t\t - f2fs_insert_range\n\t\t\t\t - f2fs_drop_extent_tree\n\t\t\t\t - __drop_extent_tree\n\t\t\t\t - __may_extent_tree\n\t\t\t\t - test_opt(READ_EXTENT_CACHE) return true\n\t\t\t\t - write_lock(\u0026et-\u003elock) access NULL pointer\n - parse_options\n - clear_opt(READ_EXTENT_CACHE)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53447",
"url": "https://www.suse.com/security/cve/CVE-2023-53447"
},
{
"category": "external",
"summary": "SUSE Bug 1250241 for CVE-2023-53447",
"url": "https://bugzilla.suse.com/1250241"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53447"
},
{
"cve": "CVE-2023-53448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53448"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: imxfb: Removed unneeded release_mem_region\n\nRemove unnecessary release_mem_region from the error path to prevent\nmem region from being released twice, which could avoid resource leak\nor other unexpected issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53448",
"url": "https://www.suse.com/security/cve/CVE-2023-53448"
},
{
"category": "external",
"summary": "SUSE Bug 1250873 for CVE-2023-53448",
"url": "https://bugzilla.suse.com/1250873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53448"
},
{
"cve": "CVE-2023-53451",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53451"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix potential NULL pointer dereference\n\nKlocwork tool reported \u0027cur_dsd\u0027 may be dereferenced. Add fix to validate\npointer before dereferencing the pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53451",
"url": "https://www.suse.com/security/cve/CVE-2023-53451"
},
{
"category": "external",
"summary": "SUSE Bug 1250831 for CVE-2023-53451",
"url": "https://bugzilla.suse.com/1250831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53451"
},
{
"cve": "CVE-2023-53454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53454"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: Correct devm device reference for hidinput input_dev name\n\nReference the HID device rather than the input device for the devm\nallocation of the input_dev name. Referencing the input_dev would lead to a\nuse-after-free when the input_dev was unregistered and subsequently fires a\nuevent that depends on the name. At the point of firing the uevent, the\nname would be freed by devres management.\n\nUse devm_kasprintf to simplify the logic for allocating memory and\nformatting the input_dev name string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53454",
"url": "https://www.suse.com/security/cve/CVE-2023-53454"
},
{
"category": "external",
"summary": "SUSE Bug 1250759 for CVE-2023-53454",
"url": "https://bugzilla.suse.com/1250759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53454"
},
{
"cve": "CVE-2023-53456",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53456"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Add length check when parsing nlattrs\n\nThere are three places that qla4xxx parses nlattrs:\n\n - qla4xxx_set_chap_entry()\n\n - qla4xxx_iface_set_param()\n\n - qla4xxx_sysfs_ddb_set_param()\n\nand each of them directly converts the nlattr to specific pointer of\nstructure without length checking. This could be dangerous as those\nattributes are not validated and a malformed nlattr (e.g., length 0) could\nresult in an OOB read that leaks heap dirty data.\n\nAdd the nla_len check before accessing the nlattr data and return EINVAL if\nthe length check fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53456",
"url": "https://www.suse.com/security/cve/CVE-2023-53456"
},
{
"category": "external",
"summary": "SUSE Bug 1250765 for CVE-2023-53456",
"url": "https://bugzilla.suse.com/1250765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53456"
},
{
"cve": "CVE-2023-53457",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53457"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nFS: JFS: Fix null-ptr-deref Read in txBegin\n\n Syzkaller reported an issue where txBegin may be called\n on a superblock in a read-only mounted filesystem which leads\n to NULL pointer deref. This could be solved by checking if\n the filesystem is read-only before calling txBegin, and returning\n with appropiate error code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53457",
"url": "https://www.suse.com/security/cve/CVE-2023-53457"
},
{
"category": "external",
"summary": "SUSE Bug 1250763 for CVE-2023-53457",
"url": "https://bugzilla.suse.com/1250763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53457"
},
{
"cve": "CVE-2023-53461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53461"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: wait interruptibly for request completions on exit\n\nWHen the ring exits, cleanup is done and the final cancelation and\nwaiting on completions is done by io_ring_exit_work. That function is\ninvoked by kworker, which doesn\u0027t take any signals. Because of that, it\ndoesn\u0027t really matter if we wait for completions in TASK_INTERRUPTIBLE\nor TASK_UNINTERRUPTIBLE state. However, it does matter to the hung task\ndetection checker!\n\nNormally we expect cancelations and completions to happen rather\nquickly. Some test cases, however, will exit the ring and park the\nowning task stopped (eg via SIGSTOP). If the owning task needs to run\ntask_work to complete requests, then io_ring_exit_work won\u0027t make any\nprogress until the task is runnable again. Hence io_ring_exit_work can\ntrigger the hung task detection, which is particularly problematic if\npanic-on-hung-task is enabled.\n\nAs the ring exit doesn\u0027t take signals to begin with, have it wait\ninterruptibly rather than uninterruptibly. io_uring has a separate\nstuck-exit warning that triggers independently anyway, so we\u0027re not\nreally missing anything by making this switch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53461",
"url": "https://www.suse.com/security/cve/CVE-2023-53461"
},
{
"category": "external",
"summary": "SUSE Bug 1250941 for CVE-2023-53461",
"url": "https://bugzilla.suse.com/1250941"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53461"
},
{
"cve": "CVE-2023-53462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53462"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Fix uninit-value access in fill_frame_info()\n\nSyzbot reports the following uninit-value access problem.\n\n=====================================================\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:601 [inline]\nBUG: KMSAN: uninit-value in hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616\n fill_frame_info net/hsr/hsr_forward.c:601 [inline]\n hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616\n hsr_dev_xmit+0x192/0x330 net/hsr/hsr_device.c:223\n __netdev_start_xmit include/linux/netdevice.h:4889 [inline]\n netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n xmit_one net/core/dev.c:3544 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3560\n __dev_queue_xmit+0x34d0/0x52a0 net/core/dev.c:4340\n dev_queue_xmit include/linux/netdevice.h:3082 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n __sys_sendto+0x781/0xa30 net/socket.c:2176\n __do_sys_sendto net/socket.c:2188 [inline]\n __se_sys_sendto net/socket.c:2184 [inline]\n __ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\n kmalloc_reserve+0x148/0x470 net/core/skbuff.c:559\n __alloc_skb+0x318/0x740 net/core/skbuff.c:644\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6299\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2794\n packet_alloc_skb net/packet/af_packet.c:2936 [inline]\n packet_snd net/packet/af_packet.c:3030 [inline]\n packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n __sys_sendto+0x781/0xa30 net/socket.c:2176\n __do_sys_sendto net/socket.c:2188 [inline]\n __se_sys_sendto net/socket.c:2184 [inline]\n __ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nIt is because VLAN not yet supported in hsr driver. Return error\nwhen protocol is ETH_P_8021Q in fill_frame_info() now to fix it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53462",
"url": "https://www.suse.com/security/cve/CVE-2023-53462"
},
{
"category": "external",
"summary": "SUSE Bug 1250878 for CVE-2023-53462",
"url": "https://bugzilla.suse.com/1250878"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53462"
},
{
"cve": "CVE-2023-53463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53463"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Do not reset dql stats on NON_FATAL err\n\nAll ibmvnic resets, make a call to netdev_tx_reset_queue() when\nre-opening the device. netdev_tx_reset_queue() resets the num_queued\nand num_completed byte counters. These stats are used in Byte Queue\nLimit (BQL) algorithms. The difference between these two stats tracks\nthe number of bytes currently sitting on the physical NIC. ibmvnic\nincreases the number of queued bytes though calls to\nnetdev_tx_sent_queue() in the drivers xmit function. When, VIOS reports\nthat it is done transmitting bytes, the ibmvnic device increases the\nnumber of completed bytes through calls to netdev_tx_completed_queue().\nIt is important to note that the driver batches its transmit calls and\nnum_queued is increased every time that an skb is added to the next\nbatch, not necessarily when the batch is sent to VIOS for transmission.\n\nUnlike other reset types, a NON FATAL reset will not flush the sub crq\ntx buffers. Therefore, it is possible for the batched skb array to be\npartially full. So if there is call to netdev_tx_reset_queue() when\nre-opening the device, the value of num_queued (0) would not account\nfor the skb\u0027s that are currently batched. Eventually, when the batch\nis sent to VIOS, the call to netdev_tx_completed_queue() would increase\nnum_completed to a value greater than the num_queued. This causes a\nBUG_ON crash:\n\nibmvnic 30000002: Firmware reports error, cause: adapter problem.\nStarting recovery...\nibmvnic 30000002: tx error 600\nibmvnic 30000002: tx error 600\nibmvnic 30000002: tx error 600\nibmvnic 30000002: tx error 600\n------------[ cut here ]------------\nkernel BUG at lib/dynamic_queue_limits.c:27!\nOops: Exception in kernel mode, sig: 5\n[....]\nNIP dql_completed+0x28/0x1c0\nLR ibmvnic_complete_tx.isra.0+0x23c/0x420 [ibmvnic]\nCall Trace:\nibmvnic_complete_tx.isra.0+0x3f8/0x420 [ibmvnic] (unreliable)\nibmvnic_interrupt_tx+0x40/0x70 [ibmvnic]\n__handle_irq_event_percpu+0x98/0x270\n---[ end trace ]---\n\nTherefore, do not reset the dql stats when performing a NON_FATAL reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53463",
"url": "https://www.suse.com/security/cve/CVE-2023-53463"
},
{
"category": "external",
"summary": "SUSE Bug 1250867 for CVE-2023-53463",
"url": "https://bugzilla.suse.com/1250867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53463"
},
{
"cve": "CVE-2023-53465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: qcom: fix storing port config out-of-bounds\n\nThe \u0027qcom_swrm_ctrl-\u003epconfig\u0027 has size of QCOM_SDW_MAX_PORTS (14),\nhowever we index it starting from 1, not 0, to match real port numbers.\nThis can lead to writing port config past \u0027pconfig\u0027 bounds and\noverwriting next member of \u0027qcom_swrm_ctrl\u0027 struct. Reported also by\nsmatch:\n\n drivers/soundwire/qcom.c:1269 qcom_swrm_get_port_config() error: buffer overflow \u0027ctrl-\u003epconfig\u0027 14 \u003c= 14",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53465",
"url": "https://www.suse.com/security/cve/CVE-2023-53465"
},
{
"category": "external",
"summary": "SUSE Bug 1250863 for CVE-2023-53465",
"url": "https://bugzilla.suse.com/1250863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53465"
},
{
"cve": "CVE-2023-53472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53472"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npwm: lpc32xx: Remove handling of PWM channels\n\nBecause LPC32xx PWM controllers have only a single output which is\nregistered as the only PWM device/channel per controller, it is known in\nadvance that pwm-\u003ehwpwm value is always 0. On basis of this fact\nsimplify the code by removing operations with pwm-\u003ehwpwm, there is no\ncontrols which require channel number as input.\n\nEven though I wasn\u0027t aware at the time when I forward ported that patch,\nthis fixes a null pointer dereference as lpc32xx-\u003echip.pwms is NULL\nbefore devm_pwmchip_add() is called.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53472",
"url": "https://www.suse.com/security/cve/CVE-2023-53472"
},
{
"category": "external",
"summary": "SUSE Bug 1250841 for CVE-2023-53472",
"url": "https://bugzilla.suse.com/1250841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53472"
},
{
"cve": "CVE-2023-53479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53479"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/acpi: Fix a use-after-free in cxl_parse_cfmws()\n\nKASAN and KFENCE detected an user-after-free in the CXL driver. This\nhappens in the cxl_decoder_add() fail path. KASAN prints the following\nerror:\n\n BUG: KASAN: slab-use-after-free in cxl_parse_cfmws (drivers/cxl/acpi.c:299)\n\nThis happens in cxl_parse_cfmws(), where put_device() is called,\nreleasing cxld, which is accessed later.\n\nUse the local variables in the dev_err() instead of pointing to the\nreleased memory. Since the dev_err() is printing a resource, change the open\ncoded print format to use the %pr format specifier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53479",
"url": "https://www.suse.com/security/cve/CVE-2023-53479"
},
{
"category": "external",
"summary": "SUSE Bug 1250837 for CVE-2023-53479",
"url": "https://bugzilla.suse.com/1250837"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53479"
},
{
"cve": "CVE-2023-53480",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53480"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkobject: Add sanity check for kset-\u003ekobj.ktype in kset_register()\n\nWhen I register a kset in the following way:\n\tstatic struct kset my_kset;\n\tkobject_set_name(\u0026my_kset.kobj, \"my_kset\");\n ret = kset_register(\u0026my_kset);\n\nA null pointer dereference exception is occurred:\n[ 4453.568337] Unable to handle kernel NULL pointer dereference at \\\nvirtual address 0000000000000028\n... ...\n[ 4453.810361] Call trace:\n[ 4453.813062] kobject_get_ownership+0xc/0x34\n[ 4453.817493] kobject_add_internal+0x98/0x274\n[ 4453.822005] kset_register+0x5c/0xb4\n[ 4453.825820] my_kobj_init+0x44/0x1000 [my_kset]\n... ...\n\nBecause I didn\u0027t initialize my_kset.kobj.ktype.\n\nAccording to the description in Documentation/core-api/kobject.rst:\n - A ktype is the type of object that embeds a kobject. Every structure\n that embeds a kobject needs a corresponding ktype.\n\nSo add sanity check to make sure kset-\u003ekobj.ktype is not NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53480",
"url": "https://www.suse.com/security/cve/CVE-2023-53480"
},
{
"category": "external",
"summary": "SUSE Bug 1250861 for CVE-2023-53480",
"url": "https://bugzilla.suse.com/1250861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53480"
},
{
"cve": "CVE-2023-53485",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53485"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev\n\nSyzkaller reported the following issue:\n\nUBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6\nindex -84 is out of range for type \u0027s8[341]\u0027 (aka \u0027signed char[341]\u0027)\nCPU: 1 PID: 4995 Comm: syz-executor146 Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:217 [inline]\n __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348\n dbAllocDmapLev+0x3e5/0x430 fs/jfs/jfs_dmap.c:1965\n dbAllocCtl+0x113/0x920 fs/jfs/jfs_dmap.c:1809\n dbAllocAG+0x28f/0x10b0 fs/jfs/jfs_dmap.c:1350\n dbAlloc+0x658/0xca0 fs/jfs/jfs_dmap.c:874\n dtSplitUp fs/jfs/jfs_dtree.c:974 [inline]\n dtInsert+0xda7/0x6b00 fs/jfs/jfs_dtree.c:863\n jfs_create+0x7b6/0xbb0 fs/jfs/namei.c:137\n lookup_open fs/namei.c:3492 [inline]\n open_last_lookups fs/namei.c:3560 [inline]\n path_openat+0x13df/0x3170 fs/namei.c:3788\n do_filp_open+0x234/0x490 fs/namei.c:3818\n do_sys_openat2+0x13f/0x500 fs/open.c:1356\n do_sys_open fs/open.c:1372 [inline]\n __do_sys_openat fs/open.c:1388 [inline]\n __se_sys_openat fs/open.c:1383 [inline]\n __x64_sys_openat+0x247/0x290 fs/open.c:1383\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f1f4e33f7e9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffc21129578 EFLAGS: 00000246 ORIG_RAX: 0000000000000101\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1f4e33f7e9\nRDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c\nRBP: 00007f1f4e2ff080 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f1f4e2ff110\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n \u003c/TASK\u003e\n\nThe bug occurs when the dbAllocDmapLev()function attempts to access\ndp-\u003etree.stree[leafidx + LEAFIND] while the leafidx value is negative.\n\nTo rectify this, the patch introduces a safeguard within the\ndbAllocDmapLev() function. A check has been added to verify if leafidx is\nnegative. If it is, the function immediately returns an I/O error, preventing\nany further execution that could potentially cause harm.\n\nTested via syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53485",
"url": "https://www.suse.com/security/cve/CVE-2023-53485"
},
{
"category": "external",
"summary": "SUSE Bug 1250872 for CVE-2023-53485",
"url": "https://bugzilla.suse.com/1250872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53485"
},
{
"cve": "CVE-2023-53487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53487"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/rtas_flash: allow user copy to flash block cache objects\n\nWith hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the\n/proc/powerpc/rtas/firmware_update interface to prepare a system\nfirmware update yields a BUG():\n\n kernel BUG at mm/usercopy.c:102!\n Oops: Exception in kernel mode, sig: 5 [#1]\n LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in:\n CPU: 0 PID: 2232 Comm: dd Not tainted 6.5.0-rc3+ #2\n Hardware name: IBM,8408-E8E POWER8E (raw) 0x4b0201 0xf000004 of:IBM,FW860.50 (SV860_146) hv:phyp pSeries\n NIP: c0000000005991d0 LR: c0000000005991cc CTR: 0000000000000000\n REGS: c0000000148c76a0 TRAP: 0700 Not tainted (6.5.0-rc3+)\n MSR: 8000000000029033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 24002242 XER: 0000000c\n CFAR: c0000000001fbd34 IRQMASK: 0\n [ ... GPRs omitted ... ]\n NIP usercopy_abort+0xa0/0xb0\n LR usercopy_abort+0x9c/0xb0\n Call Trace:\n usercopy_abort+0x9c/0xb0 (unreliable)\n __check_heap_object+0x1b4/0x1d0\n __check_object_size+0x2d0/0x380\n rtas_flash_write+0xe4/0x250\n proc_reg_write+0xfc/0x160\n vfs_write+0xfc/0x4e0\n ksys_write+0x90/0x160\n system_call_exception+0x178/0x320\n system_call_common+0x160/0x2c4\n\nThe blocks of the firmware image are copied directly from user memory\nto objects allocated from flash_block_cache, so flash_block_cache must\nbe created using kmem_cache_create_usercopy() to mark it safe for user\naccess.\n\n[mpe: Trim and indent oops]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53487",
"url": "https://www.suse.com/security/cve/CVE-2023-53487"
},
{
"category": "external",
"summary": "SUSE Bug 1250830 for CVE-2023-53487",
"url": "https://bugzilla.suse.com/1250830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53487"
},
{
"cve": "CVE-2023-53488",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53488"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix possible panic during hotplug remove\n\nDuring hotplug remove it is possible that the update counters work\nmight be pending, and may run after memory has been freed.\nCancel the update counters work before freeing memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53488",
"url": "https://www.suse.com/security/cve/CVE-2023-53488"
},
{
"category": "external",
"summary": "SUSE Bug 1250825 for CVE-2023-53488",
"url": "https://bugzilla.suse.com/1250825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53488"
},
{
"cve": "CVE-2023-53490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53490"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix disconnect vs accept race\n\nDespite commit 0ad529d9fd2b (\"mptcp: fix possible divide by zero in\nrecvmsg()\"), the mptcp protocol is still prone to a race between\ndisconnect() (or shutdown) and accept.\n\nThe root cause is that the mentioned commit checks the msk-level\nflag, but mptcp_stream_accept() does acquire the msk-level lock,\nas it can rely directly on the first subflow lock.\n\nAs reported by Christoph than can lead to a race where an msk\nsocket is accepted after that mptcp_subflow_queue_clean() releases\nthe listener socket lock and just before it takes destructive\nactions leading to the following splat:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000012\nPGD 5a4ca067 P4D 5a4ca067 PUD 37d4c067 PMD 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 2 PID: 10955 Comm: syz-executor.5 Not tainted 6.5.0-rc1-gdc7b257ee5dd #37\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\nRIP: 0010:mptcp_stream_accept+0x1ee/0x2f0 include/net/inet_sock.h:330\nCode: 0a 09 00 48 8b 1b 4c 39 e3 74 07 e8 bc 7c 7f fe eb a1 e8 b5 7c 7f fe 4c 8b 6c 24 08 eb 05 e8 a9 7c 7f fe 49 8b 85 d8 09 00 00 \u003c0f\u003e b6 40 12 88 44 24 07 0f b6 6c 24 07 bf 07 00 00 00 89 ee e8 89\nRSP: 0018:ffffc90000d07dc0 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff888037e8d020 RCX: ffff88803b093300\nRDX: 0000000000000000 RSI: ffffffff833822c5 RDI: ffffffff8333896a\nRBP: 0000607f82031520 R08: ffff88803b093300 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000003e83 R12: ffff888037e8d020\nR13: ffff888037e8c680 R14: ffff888009af7900 R15: ffff888009af6880\nFS: 00007fc26d708640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000012 CR3: 0000000066bc5001 CR4: 0000000000370ee0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n do_accept+0x1ae/0x260 net/socket.c:1872\n __sys_accept4+0x9b/0x110 net/socket.c:1913\n __do_sys_accept4 net/socket.c:1954 [inline]\n __se_sys_accept4 net/socket.c:1951 [inline]\n __x64_sys_accept4+0x20/0x30 net/socket.c:1951\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x47/0xa0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nAddress the issue by temporary removing the pending request socket\nfrom the accept queue, so that racing accept() can\u0027t touch them.\n\nAfter depleting the msk - the ssk still exists, as plain TCP sockets,\nre-insert them into the accept queue, so that later inet_csk_listen_stop()\nwill complete the tcp socket disposal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53490",
"url": "https://www.suse.com/security/cve/CVE-2023-53490"
},
{
"category": "external",
"summary": "SUSE Bug 1250827 for CVE-2023-53490",
"url": "https://bugzilla.suse.com/1250827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53490"
},
{
"cve": "CVE-2023-53491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53491"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstart_kernel: Add __no_stack_protector function attribute\n\nBack during the discussion of\ncommit a9a3ed1eff36 (\"x86: Fix early boot crash on gcc-10, third try\")\nwe discussed the need for a function attribute to control the omission\nof stack protectors on a per-function basis; at the time Clang had\nsupport for no_stack_protector but GCC did not. This was fixed in\ngcc-11. Now that the function attribute is available, let\u0027s start using\nit.\n\nCallers of boot_init_stack_canary need to use this function attribute\nunless they\u0027re compiled with -fno-stack-protector, otherwise the canary\nstored in the stack slot of the caller will differ upon the call to\nboot_init_stack_canary. This will lead to a call to __stack_chk_fail()\nthen panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53491",
"url": "https://www.suse.com/security/cve/CVE-2023-53491"
},
{
"category": "external",
"summary": "SUSE Bug 1250942 for CVE-2023-53491",
"url": "https://bugzilla.suse.com/1250942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53491"
},
{
"cve": "CVE-2023-53492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53492"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not ignore genmask when looking up chain by id\n\nWhen adding a rule to a chain referring to its ID, if that chain had been\ndeleted on the same batch, the rule might end up referring to a deleted\nchain.\n\nThis will lead to a WARNING like following:\n\n[ 33.098431] ------------[ cut here ]------------\n[ 33.098678] WARNING: CPU: 5 PID: 69 at net/netfilter/nf_tables_api.c:2037 nf_tables_chain_destroy+0x23d/0x260\n[ 33.099217] Modules linked in:\n[ 33.099388] CPU: 5 PID: 69 Comm: kworker/5:1 Not tainted 6.4.0+ #409\n[ 33.099726] Workqueue: events nf_tables_trans_destroy_work\n[ 33.100018] RIP: 0010:nf_tables_chain_destroy+0x23d/0x260\n[ 33.100306] Code: 8b 7c 24 68 e8 64 9c ed fe 4c 89 e7 e8 5c 9c ed fe 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7 c3 cc cc cc cc \u003c0f\u003e 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7\n[ 33.101271] RSP: 0018:ffffc900004ffc48 EFLAGS: 00010202\n[ 33.101546] RAX: 0000000000000001 RBX: ffff888006fc0a28 RCX: 0000000000000000\n[ 33.101920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n[ 33.102649] RBP: ffffc900004ffc78 R08: 0000000000000000 R09: 0000000000000000\n[ 33.103018] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880135ef500\n[ 33.103385] R13: 0000000000000000 R14: dead000000000122 R15: ffff888006fc0a10\n[ 33.103762] FS: 0000000000000000(0000) GS:ffff888024c80000(0000) knlGS:0000000000000000\n[ 33.104184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 33.104493] CR2: 00007fe863b56a50 CR3: 00000000124b0001 CR4: 0000000000770ee0\n[ 33.104872] PKRU: 55555554\n[ 33.104999] Call Trace:\n[ 33.105113] \u003cTASK\u003e\n[ 33.105214] ? show_regs+0x72/0x90\n[ 33.105371] ? __warn+0xa5/0x210\n[ 33.105520] ? nf_tables_chain_destroy+0x23d/0x260\n[ 33.105732] ? report_bug+0x1f2/0x200\n[ 33.105902] ? handle_bug+0x46/0x90\n[ 33.106546] ? exc_invalid_op+0x19/0x50\n[ 33.106762] ? asm_exc_invalid_op+0x1b/0x20\n[ 33.106995] ? nf_tables_chain_destroy+0x23d/0x260\n[ 33.107249] ? nf_tables_chain_destroy+0x30/0x260\n[ 33.107506] nf_tables_trans_destroy_work+0x669/0x680\n[ 33.107782] ? mark_held_locks+0x28/0xa0\n[ 33.107996] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10\n[ 33.108294] ? _raw_spin_unlock_irq+0x28/0x70\n[ 33.108538] process_one_work+0x68c/0xb70\n[ 33.108755] ? lock_acquire+0x17f/0x420\n[ 33.108977] ? __pfx_process_one_work+0x10/0x10\n[ 33.109218] ? do_raw_spin_lock+0x128/0x1d0\n[ 33.109435] ? _raw_spin_lock_irq+0x71/0x80\n[ 33.109634] worker_thread+0x2bd/0x700\n[ 33.109817] ? __pfx_worker_thread+0x10/0x10\n[ 33.110254] kthread+0x18b/0x1d0\n[ 33.110410] ? __pfx_kthread+0x10/0x10\n[ 33.110581] ret_from_fork+0x29/0x50\n[ 33.110757] \u003c/TASK\u003e\n[ 33.110866] irq event stamp: 1651\n[ 33.111017] hardirqs last enabled at (1659): [\u003cffffffffa206a209\u003e] __up_console_sem+0x79/0xa0\n[ 33.111379] hardirqs last disabled at (1666): [\u003cffffffffa206a1ee\u003e] __up_console_sem+0x5e/0xa0\n[ 33.111740] softirqs last enabled at (1616): [\u003cffffffffa1f5d40e\u003e] __irq_exit_rcu+0x9e/0xe0\n[ 33.112094] softirqs last disabled at (1367): [\u003cffffffffa1f5d40e\u003e] __irq_exit_rcu+0x9e/0xe0\n[ 33.112453] ---[ end trace 0000000000000000 ]---\n\nThis is due to the nft_chain_lookup_byid ignoring the genmask. After this\nchange, adding the new rule will fail as it will not find the chain.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53492",
"url": "https://www.suse.com/security/cve/CVE-2023-53492"
},
{
"category": "external",
"summary": "SUSE Bug 1250823 for CVE-2023-53492",
"url": "https://bugzilla.suse.com/1250823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53492"
},
{
"cve": "CVE-2023-53493",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53493"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: tighten bounds checking in decode_message()\n\nCopy the bounds checking from encode_message() to decode_message().\n\nThis patch addresses the following concerns. Ensure that there is\nenough space for at least one header so that we don\u0027t have a negative\nsize later.\n\n\tif (msg_hdr_len \u003c sizeof(*trans_hdr))\n\nEnsure that we have enough space to read the next header from the\nmsg-\u003edata.\n\n\tif (msg_len \u003e msg_hdr_len - sizeof(*trans_hdr))\n\t\treturn -EINVAL;\n\nCheck that the trans_hdr-\u003elen is not below the minimum size:\n\n\tif (hdr_len \u003c sizeof(*trans_hdr))\n\nThis minimum check ensures that we don\u0027t corrupt memory in\ndecode_passthrough() when we do.\n\n\tmemcpy(out_trans-\u003edata, in_trans-\u003edata, len - sizeof(in_trans-\u003ehdr));\n\nAnd finally, use size_add() to prevent an integer overflow:\n\n\tif (size_add(msg_len, hdr_len) \u003e msg_hdr_len)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53493",
"url": "https://www.suse.com/security/cve/CVE-2023-53493"
},
{
"category": "external",
"summary": "SUSE Bug 1250820 for CVE-2023-53493",
"url": "https://bugzilla.suse.com/1250820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53493"
},
{
"cve": "CVE-2023-53495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mvpp2_main: fix possible OOB write in mvpp2_ethtool_get_rxnfc()\n\nrules is allocated in ethtool_get_rxnfc and the size is determined by\nrule_cnt from user space. So rule_cnt needs to be check before using\nrules to avoid OOB writing or NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53495",
"url": "https://www.suse.com/security/cve/CVE-2023-53495"
},
{
"category": "external",
"summary": "SUSE Bug 1250907 for CVE-2023-53495",
"url": "https://bugzilla.suse.com/1250907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53495"
},
{
"cve": "CVE-2023-53496",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53496"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/platform/uv: Use alternate source for socket to node data\n\nThe UV code attempts to build a set of tables to allow it to do\nbidirectional socket\u003c=\u003enode lookups.\n\nBut when nr_cpus is set to a smaller number than actually present, the\ncpu_to_node() mapping information for unused CPUs is not available to\nbuild_socket_tables(). This results in skipping some nodes or sockets\nwhen creating the tables and leaving some -1\u0027s for later code to trip.\nover, causing oopses.\n\nThe problem is that the socket\u003c=\u003enode lookups are created by doing a\nloop over all CPUs, then looking up the CPU\u0027s APICID and socket. But\nif a CPU is not present, there is no way to start this lookup.\n\nInstead of looping over all CPUs, take CPUs out of the equation\nentirely. Loop over all APICIDs which are mapped to a valid NUMA node.\nThen just extract the socket-id from the APICID.\n\nThis avoid tripping over disabled CPUs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53496",
"url": "https://www.suse.com/security/cve/CVE-2023-53496"
},
{
"category": "external",
"summary": "SUSE Bug 1250905 for CVE-2023-53496",
"url": "https://bugzilla.suse.com/1250905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53496"
},
{
"cve": "CVE-2023-53500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53500"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix slab-use-after-free in decode_session6\n\nWhen the xfrm device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when the xfrm device sends IPv6 packets.\n\nThe stack information is as follows:\nBUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890\nRead of size 1 at addr ffff8881111458ef by task swapper/3/0\nCPU: 3 PID: 0 Comm: swapper/3 Not tainted 6.4.0-next-20230707 #409\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl+0xd9/0x150\nprint_address_description.constprop.0+0x2c/0x3c0\nkasan_report+0x11d/0x130\ndecode_session6+0x103f/0x1890\n__xfrm_decode_session+0x54/0xb0\nxfrmi_xmit+0x173/0x1ca0\ndev_hard_start_xmit+0x187/0x700\nsch_direct_xmit+0x1a3/0xc30\n__qdisc_run+0x510/0x17a0\n__dev_queue_xmit+0x2215/0x3b10\nneigh_connected_output+0x3c2/0x550\nip6_finish_output2+0x55a/0x1550\nip6_finish_output+0x6b9/0x1270\nip6_output+0x1f1/0x540\nndisc_send_skb+0xa63/0x1890\nndisc_send_rs+0x132/0x6f0\naddrconf_rs_timer+0x3f1/0x870\ncall_timer_fn+0x1a0/0x580\nexpire_timers+0x29b/0x4b0\nrun_timer_softirq+0x326/0x910\n__do_softirq+0x1d4/0x905\nirq_exit_rcu+0xb7/0x120\nsysvec_apic_timer_interrupt+0x97/0xc0\n\u003c/IRQ\u003e\n\u003cTASK\u003e\nasm_sysvec_apic_timer_interrupt+0x1a/0x20\nRIP: 0010:intel_idle_hlt+0x23/0x30\nCode: 1f 84 00 00 00 00 00 f3 0f 1e fa 41 54 41 89 d4 0f 1f 44 00 00 66 90 0f 1f 44 00 00 0f 00 2d c4 9f ab 00 0f 1f 44 00 00 fb f4 \u003cfa\u003e 44 89 e0 41 5c c3 66 0f 1f 44 00 00 f3 0f 1e fa 41 54 41 89 d4\nRSP: 0018:ffffc90000197d78 EFLAGS: 00000246\nRAX: 00000000000a83c3 RBX: ffffe8ffffd09c50 RCX: ffffffff8a22d8e5\nRDX: 0000000000000001 RSI: ffffffff8d3f8080 RDI: ffffe8ffffd09c50\nRBP: ffffffff8d3f8080 R08: 0000000000000001 R09: ffffed1026ba6d9d\nR10: ffff888135d36ceb R11: 0000000000000001 R12: 0000000000000001\nR13: ffffffff8d3f8100 R14: 0000000000000001 R15: 0000000000000000\ncpuidle_enter_state+0xd3/0x6f0\ncpuidle_enter+0x4e/0xa0\ndo_idle+0x2fe/0x3c0\ncpu_startup_entry+0x18/0x20\nstart_secondary+0x200/0x290\nsecondary_startup_64_no_verify+0x167/0x16b\n\u003c/TASK\u003e\nAllocated by task 939:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\n__kasan_slab_alloc+0x7f/0x90\nkmem_cache_alloc_node+0x1cd/0x410\nkmalloc_reserve+0x165/0x270\n__alloc_skb+0x129/0x330\ninet6_ifa_notify+0x118/0x230\n__ipv6_ifa_notify+0x177/0xbe0\naddrconf_dad_completed+0x133/0xe00\naddrconf_dad_work+0x764/0x1390\nprocess_one_work+0xa32/0x16f0\nworker_thread+0x67d/0x10c0\nkthread+0x344/0x440\nret_from_fork+0x1f/0x30\nThe buggy address belongs to the object at ffff888111145800\nwhich belongs to the cache skbuff_small_head of size 640\nThe buggy address is located 239 bytes inside of\nfreed 640-byte region [ffff888111145800, ffff888111145a80)\n\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53500",
"url": "https://www.suse.com/security/cve/CVE-2023-53500"
},
{
"category": "external",
"summary": "SUSE Bug 1250816 for CVE-2023-53500",
"url": "https://bugzilla.suse.com/1250816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53500"
},
{
"cve": "CVE-2023-53501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53501"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd/iommu_v2: Fix pasid_state refcount dec hit 0 warning on pasid unbind\n\nWhen unbinding pasid - a race condition exists vs outstanding page faults.\n\nTo prevent this, the pasid_state object contains a refcount.\n * set to 1 on pasid bind\n * incremented on each ppr notification start\n * decremented on each ppr notification done\n * decremented on pasid unbind\n\nSince refcount_dec assumes that refcount will never reach 0:\n the current implementation causes the following to be invoked on\n pasid unbind:\n REFCOUNT_WARN(\"decrement hit 0; leaking memory\")\n\nFix this issue by changing refcount_dec to refcount_dec_and_test\nto explicitly handle refcount=1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53501",
"url": "https://www.suse.com/security/cve/CVE-2023-53501"
},
{
"category": "external",
"summary": "SUSE Bug 1250815 for CVE-2023-53501",
"url": "https://bugzilla.suse.com/1250815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53501"
},
{
"cve": "CVE-2023-53504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Properly order ib_device_unalloc() to avoid UAF\n\nib_dealloc_device() should be called only after device cleanup. Fix the\ndealloc sequence.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53504",
"url": "https://www.suse.com/security/cve/CVE-2023-53504"
},
{
"category": "external",
"summary": "SUSE Bug 1250813 for CVE-2023-53504",
"url": "https://bugzilla.suse.com/1250813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53504"
},
{
"cve": "CVE-2023-53505",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53505"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: tegra: tegra124-emc: Fix potential memory leak\n\nThe tegra and tegra needs to be freed in the error handling path, otherwise\nit will be leaked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53505",
"url": "https://www.suse.com/security/cve/CVE-2023-53505"
},
{
"category": "external",
"summary": "SUSE Bug 1250807 for CVE-2023-53505",
"url": "https://bugzilla.suse.com/1250807"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53505"
},
{
"cve": "CVE-2023-53507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53507"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Unregister devlink params in case interface is down\n\nCurrently, in case an interface is down, mlx5 driver doesn\u0027t\nunregister its devlink params, which leads to this WARN[1].\nFix it by unregistering devlink params in that case as well.\n\n[1]\n[ 295.244769 ] WARNING: CPU: 15 PID: 1 at net/core/devlink.c:9042 devlink_free+0x174/0x1fc\n[ 295.488379 ] CPU: 15 PID: 1 Comm: shutdown Tainted: G S OE 5.15.0-1017.19.3.g0677e61-bluefield #g0677e61\n[ 295.509330 ] Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS 4.2.0.12761 Jun 6 2023\n[ 295.543096 ] pc : devlink_free+0x174/0x1fc\n[ 295.551104 ] lr : mlx5_devlink_free+0x18/0x2c [mlx5_core]\n[ 295.561816 ] sp : ffff80000809b850\n[ 295.711155 ] Call trace:\n[ 295.716030 ] devlink_free+0x174/0x1fc\n[ 295.723346 ] mlx5_devlink_free+0x18/0x2c [mlx5_core]\n[ 295.733351 ] mlx5_sf_dev_remove+0x98/0xb0 [mlx5_core]\n[ 295.743534 ] auxiliary_bus_remove+0x2c/0x50\n[ 295.751893 ] __device_release_driver+0x19c/0x280\n[ 295.761120 ] device_release_driver+0x34/0x50\n[ 295.769649 ] bus_remove_device+0xdc/0x170\n[ 295.777656 ] device_del+0x17c/0x3a4\n[ 295.784620 ] mlx5_sf_dev_remove+0x28/0xf0 [mlx5_core]\n[ 295.794800 ] mlx5_sf_dev_table_destroy+0x98/0x110 [mlx5_core]\n[ 295.806375 ] mlx5_unload+0x34/0xd0 [mlx5_core]\n[ 295.815339 ] mlx5_unload_one+0x70/0xe4 [mlx5_core]\n[ 295.824998 ] shutdown+0xb0/0xd8 [mlx5_core]\n[ 295.833439 ] pci_device_shutdown+0x3c/0xa0\n[ 295.841651 ] device_shutdown+0x170/0x340\n[ 295.849486 ] __do_sys_reboot+0x1f4/0x2a0\n[ 295.857322 ] __arm64_sys_reboot+0x2c/0x40\n[ 295.865329 ] invoke_syscall+0x78/0x100\n[ 295.872817 ] el0_svc_common.constprop.0+0x54/0x184\n[ 295.882392 ] do_el0_svc+0x30/0xac\n[ 295.889008 ] el0_svc+0x48/0x160\n[ 295.895278 ] el0t_64_sync_handler+0xa4/0x130\n[ 295.903807 ] el0t_64_sync+0x1a4/0x1a8\n[ 295.911120 ] ---[ end trace 4f1d2381d00d9dce ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53507",
"url": "https://www.suse.com/security/cve/CVE-2023-53507"
},
{
"category": "external",
"summary": "SUSE Bug 1250808 for CVE-2023-53507",
"url": "https://bugzilla.suse.com/1250808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53507"
},
{
"cve": "CVE-2023-53508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53508"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nublk: fail to start device if queue setup is interrupted\n\nIn ublk_ctrl_start_dev(), if wait_for_completion_interruptible() is\ninterrupted by signal, queues aren\u0027t setup successfully yet, so we\nhave to fail UBLK_CMD_START_DEV, otherwise kernel oops can be triggered.\n\nReported by German when working on qemu-storage-deamon which requires\nsingle thread ublk daemon.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53508",
"url": "https://www.suse.com/security/cve/CVE-2023-53508"
},
{
"category": "external",
"summary": "SUSE Bug 1250809 for CVE-2023-53508",
"url": "https://bugzilla.suse.com/1250809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53508"
},
{
"cve": "CVE-2023-53510",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53510"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix handling of lrbp-\u003ecmd\n\nufshcd_queuecommand() may be called two times in a row for a SCSI command\nbefore it is completed. Hence make the following changes:\n\n - In the functions that submit a command, do not check the old value of\n lrbp-\u003ecmd nor clear lrbp-\u003ecmd in error paths.\n\n - In ufshcd_release_scsi_cmd(), do not clear lrbp-\u003ecmd.\n\nSee also scsi_send_eh_cmnd().\n\nThis commit prevents that the following appears if a command times out:\n\nWARNING: at drivers/ufs/core/ufshcd.c:2965 ufshcd_queuecommand+0x6f8/0x9a8\nCall trace:\n ufshcd_queuecommand+0x6f8/0x9a8\n scsi_send_eh_cmnd+0x2c0/0x960\n scsi_eh_test_devices+0x100/0x314\n scsi_eh_ready_devs+0xd90/0x114c\n scsi_error_handler+0x2b4/0xb70\n kthread+0x16c/0x1e0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53510",
"url": "https://www.suse.com/security/cve/CVE-2023-53510"
},
{
"category": "external",
"summary": "SUSE Bug 1250812 for CVE-2023-53510",
"url": "https://bugzilla.suse.com/1250812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53510"
},
{
"cve": "CVE-2023-53515",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53515"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-mmio: don\u0027t break lifecycle of vm_dev\n\nvm_dev has a separate lifecycle because it has a \u0027struct device\u0027\nembedded. Thus, having a release callback for it is correct.\n\nAllocating the vm_dev struct with devres totally breaks this protection,\nthough. Instead of waiting for the vm_dev release callback, the memory\nis freed when the platform_device is removed. Resulting in a\nuse-after-free when finally the callback is to be called.\n\nTo easily see the problem, compile the kernel with\nCONFIG_DEBUG_KOBJECT_RELEASE and unbind with sysfs.\n\nThe fix is easy, don\u0027t use devres in this case.\n\nFound during my research about object lifetime problems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53515",
"url": "https://www.suse.com/security/cve/CVE-2023-53515"
},
{
"category": "external",
"summary": "SUSE Bug 1250917 for CVE-2023-53515",
"url": "https://bugzilla.suse.com/1250917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53515"
},
{
"cve": "CVE-2023-53516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53516"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: add forgotten nla_policy for IFLA_MACVLAN_BC_CUTOFF\n\nThe previous commit 954d1fa1ac93 (\"macvlan: Add netlink attribute for\nbroadcast cutoff\") added one additional attribute named\nIFLA_MACVLAN_BC_CUTOFF to allow broadcast cutfoff.\n\nHowever, it forgot to describe the nla_policy at macvlan_policy\n(drivers/net/macvlan.c). Hence, this suppose NLA_S32 (4 bytes) integer\ncan be faked as empty (0 bytes) by a malicious user, which could leads\nto OOB in heap just like CVE-2023-3773.\n\nTo fix it, this commit just completes the nla_policy description for\nIFLA_MACVLAN_BC_CUTOFF. This enforces the length check and avoids the\npotential OOB read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53516",
"url": "https://www.suse.com/security/cve/CVE-2023-53516"
},
{
"category": "external",
"summary": "SUSE Bug 1250918 for CVE-2023-53516",
"url": "https://bugzilla.suse.com/1250918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53516"
},
{
"cve": "CVE-2023-53518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53518"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Fix leak in devfreq_dev_release()\n\nsrcu_init_notifier_head() allocates resources that need to be released\nwith a srcu_cleanup_notifier_head() call.\n\nReported by kmemleak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53518",
"url": "https://www.suse.com/security/cve/CVE-2023-53518"
},
{
"category": "external",
"summary": "SUSE Bug 1250923 for CVE-2023-53518",
"url": "https://bugzilla.suse.com/1250923"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53518"
},
{
"cve": "CVE-2023-53519",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53519"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-mem2mem: add lock to protect parameter num_rdy\n\nGetting below error when using KCSAN to check the driver. Adding lock to\nprotect parameter num_rdy when getting the value with function:\nv4l2_m2m_num_src_bufs_ready/v4l2_m2m_num_dst_bufs_ready.\n\nkworker/u16:3: [name:report\u0026]BUG: KCSAN: data-race in v4l2_m2m_buf_queue\nkworker/u16:3: [name:report\u0026]\n\nkworker/u16:3: [name:report\u0026]read-write to 0xffffff8105f35b94 of 1 bytes by task 20865 on cpu 7:\nkworker/u16:3: v4l2_m2m_buf_queue+0xd8/0x10c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53519",
"url": "https://www.suse.com/security/cve/CVE-2023-53519"
},
{
"category": "external",
"summary": "SUSE Bug 1250964 for CVE-2023-53519",
"url": "https://bugzilla.suse.com/1250964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53519"
},
{
"cve": "CVE-2023-53520",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53520"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix hci_suspend_sync crash\n\nIf hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier\nmay still be accessing it, it can cause the program to crash.\nHere\u0027s the call trace:\n \u003c4\u003e[102152.653246] Call Trace:\n \u003c4\u003e[102152.653254] hci_suspend_sync+0x109/0x301 [bluetooth]\n \u003c4\u003e[102152.653259] hci_suspend_dev+0x78/0xcd [bluetooth]\n \u003c4\u003e[102152.653263] hci_suspend_notifier+0x42/0x7a [bluetooth]\n \u003c4\u003e[102152.653268] notifier_call_chain+0x43/0x6b\n \u003c4\u003e[102152.653271] __blocking_notifier_call_chain+0x48/0x69\n \u003c4\u003e[102152.653273] __pm_notifier_call_chain+0x22/0x39\n \u003c4\u003e[102152.653276] pm_suspend+0x287/0x57c\n \u003c4\u003e[102152.653278] state_store+0xae/0xe5\n \u003c4\u003e[102152.653281] kernfs_fop_write+0x109/0x173\n \u003c4\u003e[102152.653284] __vfs_write+0x16f/0x1a2\n \u003c4\u003e[102152.653287] ? selinux_file_permission+0xca/0x16f\n \u003c4\u003e[102152.653289] ? security_file_permission+0x36/0x109\n \u003c4\u003e[102152.653291] vfs_write+0x114/0x21d\n \u003c4\u003e[102152.653293] __x64_sys_write+0x7b/0xdb\n \u003c4\u003e[102152.653296] do_syscall_64+0x59/0x194\n \u003c4\u003e[102152.653299] entry_SYSCALL_64_after_hwframe+0x5c/0xc1\n\nThis patch holds the reference count of the hci_dev object while\nprocessing it in hci_suspend_notifier to avoid potential crash\ncaused by the race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53520",
"url": "https://www.suse.com/security/cve/CVE-2023-53520"
},
{
"category": "external",
"summary": "SUSE Bug 1250957 for CVE-2023-53520",
"url": "https://bugzilla.suse.com/1250957"
},
{
"category": "external",
"summary": "SUSE Bug 1250958 for CVE-2023-53520",
"url": "https://bugzilla.suse.com/1250958"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53520"
},
{
"cve": "CVE-2023-53523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53523"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: fix time stamp counter initialization\n\nIf the gs_usb device driver is unloaded (or unbound) before the\ninterface is shut down, the USB stack first calls the struct\nusb_driver::disconnect and then the struct net_device_ops::ndo_stop\ncallback.\n\nIn gs_usb_disconnect() all pending bulk URBs are killed, i.e. no more\nRX\u0027ed CAN frames are send from the USB device to the host. Later in\ngs_can_close() a reset control message is send to each CAN channel to\nremove the controller from the CAN bus. In this race window the USB\ndevice can still receive CAN frames from the bus and internally queue\nthem to be send to the host.\n\nAt least in the current version of the candlelight firmware, the queue\nof received CAN frames is not emptied during the reset command. After\nloading (or binding) the gs_usb driver, new URBs are submitted during\nthe struct net_device_ops::ndo_open callback and the candlelight\nfirmware starts sending its already queued CAN frames to the host.\n\nHowever, this scenario was not considered when implementing the\nhardware timestamp function. The cycle counter/time counter\ninfrastructure is set up (gs_usb_timestamp_init()) after the USBs are\nsubmitted, resulting in a NULL pointer dereference if\ntimecounter_cyc2time() (via the call chain:\ngs_usb_receive_bulk_callback() -\u003e gs_usb_set_timestamp() -\u003e\ngs_usb_skb_set_timestamp()) is called too early.\n\nMove the gs_usb_timestamp_init() function before the URBs are\nsubmitted to fix this problem.\n\nFor a comprehensive solution, we need to consider gs_usb devices with\nmore than 1 channel. The cycle counter/time counter infrastructure is\nsetup per channel, but the RX URBs are per device. Once gs_can_open()\nof _a_ channel has been called, and URBs have been submitted, the\ngs_usb_receive_bulk_callback() can be called for _all_ available\nchannels, even for channels that are not running, yet. As cycle\ncounter/time counter has not set up, this will again lead to a NULL\npointer dereference.\n\nConvert the cycle counter/time counter from a \"per channel\" to a \"per\ndevice\" functionality. Also set it up, before submitting any URBs to\nthe device.\n\nFurther in gs_usb_receive_bulk_callback(), don\u0027t process any URBs for\nnot started CAN channels, only resubmit the URB.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53523",
"url": "https://www.suse.com/security/cve/CVE-2023-53523"
},
{
"category": "external",
"summary": "SUSE Bug 1250926 for CVE-2023-53523",
"url": "https://bugzilla.suse.com/1250926"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53523"
},
{
"cve": "CVE-2023-53526",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53526"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: check \u0027jh-\u003eb_transaction\u0027 before removing it from checkpoint\n\nFollowing process will corrupt ext4 image:\nStep 1:\njbd2_journal_commit_transaction\n __jbd2_journal_insert_checkpoint(jh, commit_transaction)\n // Put jh into trans1-\u003et_checkpoint_list\n journal-\u003ej_checkpoint_transactions = commit_transaction\n // Put trans1 into journal-\u003ej_checkpoint_transactions\n\nStep 2:\ndo_get_write_access\n test_clear_buffer_dirty(bh) // clear buffer dirty\uff0cset jbd dirty\n __jbd2_journal_file_buffer(jh, transaction) // jh belongs to trans2\n\nStep 3:\ndrop_cache\n journal_shrink_one_cp_list\n jbd2_journal_try_remove_checkpoint\n if (!trylock_buffer(bh)) // lock bh, true\n if (buffer_dirty(bh)) // buffer is not dirty\n __jbd2_journal_remove_checkpoint(jh)\n // remove jh from trans1-\u003et_checkpoint_list\n\nStep 4:\njbd2_log_do_checkpoint\n trans1 = journal-\u003ej_checkpoint_transactions\n // jh is not in trans1-\u003et_checkpoint_list\n jbd2_cleanup_journal_tail(journal) // trans1 is done\n\nStep 5: Power cut, trans2 is not committed, jh is lost in next mounting.\n\nFix it by checking \u0027jh-\u003eb_transaction\u0027 before remove it from checkpoint.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53526",
"url": "https://www.suse.com/security/cve/CVE-2023-53526"
},
{
"category": "external",
"summary": "SUSE Bug 1250928 for CVE-2023-53526",
"url": "https://bugzilla.suse.com/1250928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53526"
},
{
"cve": "CVE-2023-53527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53527"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix memory leak in tb_handle_dp_bandwidth_request()\n\nThe memory allocated in tb_queue_dp_bandwidth_request() needs to be\nreleased once the request is handled to avoid leaking it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53527",
"url": "https://www.suse.com/security/cve/CVE-2023-53527"
},
{
"category": "external",
"summary": "SUSE Bug 1250929 for CVE-2023-53527",
"url": "https://bugzilla.suse.com/1250929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53527"
},
{
"cve": "CVE-2023-53528",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53528"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix unsafe drain work queue code\n\nIf create_qp does not fully succeed it is possible for qp cleanup\ncode to attempt to drain the send or recv work queues before the\nqueues have been created causing a seg fault. This patch checks\nto see if the queues exist before attempting to drain them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53528",
"url": "https://www.suse.com/security/cve/CVE-2023-53528"
},
{
"category": "external",
"summary": "SUSE Bug 1250930 for CVE-2023-53528",
"url": "https://bugzilla.suse.com/1250930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53528"
},
{
"cve": "CVE-2023-53530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53530"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()\n\nThe following call trace was observed:\n\nlocalhost kernel: nvme nvme0: NVME-FC{0}: controller connect complete\nlocalhost kernel: BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:4/75092\nlocalhost kernel: nvme nvme0: NVME-FC{0}: new ctrl: NQN \"nqn.1992-08.com.netapp:sn.b42d198afb4d11ecad6d00a098d6abfa:subsystem.PR_Channel2022_RH84_subsystem_291\"\nlocalhost kernel: caller is qla_nvme_post_cmd+0x216/0x1380 [qla2xxx]\nlocalhost kernel: CPU: 6 PID: 75092 Comm: kworker/u129:4 Kdump: loaded Tainted: G B W OE --------- --- 5.14.0-70.22.1.el9_0.x86_64+debug #1\nlocalhost kernel: Hardware name: HPE ProLiant XL420 Gen10/ProLiant XL420 Gen10, BIOS U39 01/13/2022\nlocalhost kernel: Workqueue: nvme-wq nvme_async_event_work [nvme_core]\nlocalhost kernel: Call Trace:\nlocalhost kernel: dump_stack_lvl+0x57/0x7d\nlocalhost kernel: check_preemption_disabled+0xc8/0xd0\nlocalhost kernel: qla_nvme_post_cmd+0x216/0x1380 [qla2xxx]\n\nUse raw_smp_processor_id() instead of smp_processor_id().\n\nAlso use queue_work() across the driver instead of queue_work_on() thus\navoiding usage of smp_processor_id() when CONFIG_DEBUG_PREEMPT is enabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53530",
"url": "https://www.suse.com/security/cve/CVE-2023-53530"
},
{
"category": "external",
"summary": "SUSE Bug 1250949 for CVE-2023-53530",
"url": "https://bugzilla.suse.com/1250949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53530"
},
{
"cve": "CVE-2023-53531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53531"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnull_blk: fix poll request timeout handling\n\nWhen doing io_uring benchmark on /dev/nullb0, it\u0027s easy to crash the\nkernel if poll requests timeout triggered, as reported by David. [1]\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nWorkqueue: kblockd blk_mq_timeout_work\nRIP: 0010:null_timeout_rq+0x4e/0x91\nCall Trace:\n ? null_timeout_rq+0x4e/0x91\n blk_mq_handle_expired+0x31/0x4b\n bt_iter+0x68/0x84\n ? bt_tags_iter+0x81/0x81\n __sbitmap_for_each_set.constprop.0+0xb0/0xf2\n ? __blk_mq_complete_request_remote+0xf/0xf\n bt_for_each+0x46/0x64\n ? __blk_mq_complete_request_remote+0xf/0xf\n ? percpu_ref_get_many+0xc/0x2a\n blk_mq_queue_tag_busy_iter+0x14d/0x18e\n blk_mq_timeout_work+0x95/0x127\n process_one_work+0x185/0x263\n worker_thread+0x1b5/0x227\n\nThis is indeed a race problem between null_timeout_rq() and null_poll().\n\nnull_poll()\t\t\t\tnull_timeout_rq()\n spin_lock(\u0026nq-\u003epoll_lock)\n list_splice_init(\u0026nq-\u003epoll_list, \u0026list)\n spin_unlock(\u0026nq-\u003epoll_lock)\n\n while (!list_empty(\u0026list))\n req = list_first_entry()\n list_del_init()\n ...\n blk_mq_add_to_batch()\n // req-\u003erq_next = NULL\n\t\t\t\t\tspin_lock(\u0026nq-\u003epoll_lock)\n\n\t\t\t\t\t// rq-\u003equeuelist-\u003enext == NULL\n\t\t\t\t\tlist_del_init(\u0026rq-\u003equeuelist)\n\n\t\t\t\t\tspin_unlock(\u0026nq-\u003epoll_lock)\n\nFix these problems by setting requests state to MQ_RQ_COMPLETE under\nnq-\u003epoll_lock protection, in which null_timeout_rq() can safely detect\nthis race and early return.\n\nNote this patch just fix the kernel panic when request timeout happen.\n\n[1] https://lore.kernel.org/all/3893581.1691785261@warthog.procyon.org.uk/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53531",
"url": "https://www.suse.com/security/cve/CVE-2023-53531"
},
{
"category": "external",
"summary": "SUSE Bug 1250931 for CVE-2023-53531",
"url": "https://bugzilla.suse.com/1250931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53531"
},
{
"cve": "CVE-2023-53538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53538"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: insert tree mod log move in push_node_left\n\nThere is a fairly unlikely race condition in tree mod log rewind that\ncan result in a kernel panic which has the following trace:\n\n [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002\n [530.618] #PF: supervisor read access in kernel mode\n [530.629] #PF: error_code(0x0000) - not-present page\n [530.641] PGD 0 P4D 0\n [530.647] Oops: 0000 [#1] SMP\n [530.654] CPU: 30 PID: 398973 Comm: below Kdump: loaded Tainted: G S O K 5.12.0-0_fbk13_clang_7455_gb24de3bdb045 #1\n [530.680] Hardware name: Quanta Mono Lake-M.2 SATA 1HY9U9Z001G/Mono Lake-M.2 SATA, BIOS F20_3A15 08/16/2017\n [530.703] RIP: 0010:__btrfs_map_block+0xaa/0xd00\n [530.755] RSP: 0018:ffffc9002c2f7600 EFLAGS: 00010246\n [530.767] RAX: ffffffffffffffea RBX: ffff888292e41000 RCX: f2702d8b8be15100\n [530.784] RDX: ffff88885fda6fb8 RSI: ffff88885fd973c8 RDI: ffff88885fd973c8\n [530.800] RBP: ffff888292e410d0 R08: ffffffff82fd7fd0 R09: 00000000fffeffff\n [530.816] R10: ffffffff82e57fd0 R11: ffffffff82e57d70 R12: 0000000000000000\n [530.832] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9002c2f76f0\n [530.848] FS: 00007f38d64af000(0000) GS:ffff88885fd80000(0000) knlGS:0000000000000000\n [530.866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [530.880] CR2: 0000000000000002 CR3: 00000002b6770004 CR4: 00000000003706e0\n [530.896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [530.912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [530.928] Call Trace:\n [530.934] ? btrfs_printk+0x13b/0x18c\n [530.943] ? btrfs_bio_counter_inc_blocked+0x3d/0x130\n [530.955] btrfs_map_bio+0x75/0x330\n [530.963] ? kmem_cache_alloc+0x12a/0x2d0\n [530.973] ? btrfs_submit_metadata_bio+0x63/0x100\n [530.984] btrfs_submit_metadata_bio+0xa4/0x100\n [530.995] submit_extent_page+0x30f/0x360\n [531.004] read_extent_buffer_pages+0x49e/0x6d0\n [531.015] ? submit_extent_page+0x360/0x360\n [531.025] btree_read_extent_buffer_pages+0x5f/0x150\n [531.037] read_tree_block+0x37/0x60\n [531.046] read_block_for_search+0x18b/0x410\n [531.056] btrfs_search_old_slot+0x198/0x2f0\n [531.066] resolve_indirect_ref+0xfe/0x6f0\n [531.076] ? ulist_alloc+0x31/0x60\n [531.084] ? kmem_cache_alloc_trace+0x12e/0x2b0\n [531.095] find_parent_nodes+0x720/0x1830\n [531.105] ? ulist_alloc+0x10/0x60\n [531.113] iterate_extent_inodes+0xea/0x370\n [531.123] ? btrfs_previous_extent_item+0x8f/0x110\n [531.134] ? btrfs_search_path_in_tree+0x240/0x240\n [531.146] iterate_inodes_from_logical+0x98/0xd0\n [531.157] ? btrfs_search_path_in_tree+0x240/0x240\n [531.168] btrfs_ioctl_logical_to_ino+0xd9/0x180\n [531.179] btrfs_ioctl+0xe2/0x2eb0\n\nThis occurs when logical inode resolution takes a tree mod log sequence\nnumber, and then while backref walking hits a rewind on a busy node\nwhich has the following sequence of tree mod log operations (numbers\nfilled in from a specific example, but they are somewhat arbitrary)\n\n REMOVE_WHILE_FREEING slot 532\n REMOVE_WHILE_FREEING slot 531\n REMOVE_WHILE_FREEING slot 530\n ...\n REMOVE_WHILE_FREEING slot 0\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n ADD slot 455\n ADD slot 454\n ADD slot 453\n ...\n ADD slot 0\n MOVE src slot 0 -\u003e dst slot 456 nritems 533\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n\nWhen this sequence gets applied via btrfs_tree_mod_log_rewind, it\nallocates a fresh rewind eb, and first inserts the correct key info for\nthe 533 elements, then overwrites the first 456 of them, then decrements\nthe count by 456 via the add ops, then rewinds the move by doing a\nmemmove from 456:988-\u003e0:532. We have never written anything past 532,\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53538",
"url": "https://www.suse.com/security/cve/CVE-2023-53538"
},
{
"category": "external",
"summary": "SUSE Bug 1251024 for CVE-2023-53538",
"url": "https://bugzilla.suse.com/1251024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53538"
},
{
"cve": "CVE-2023-53539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix incomplete state save in rxe_requester\n\nIf a send packet is dropped by the IP layer in rxe_requester()\nthe call to rxe_xmit_packet() can fail with err == -EAGAIN.\nTo recover, the state of the wqe is restored to the state before\nthe packet was sent so it can be resent. However, the routines\nthat save and restore the state miss a significnt part of the\nvariable state in the wqe, the dma struct which is used to process\nthrough the sge table. And, the state is not saved before the packet\nis built which modifies the dma struct.\n\nUnder heavy stress testing with many QPs on a fast node sending\nlarge messages to a slow node dropped packets are observed and\nthe resent packets are corrupted because the dma struct was not\nrestored. This patch fixes this behavior and allows the test cases\nto succeed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53539",
"url": "https://www.suse.com/security/cve/CVE-2023-53539"
},
{
"category": "external",
"summary": "SUSE Bug 1251060 for CVE-2023-53539",
"url": "https://bugzilla.suse.com/1251060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53539"
},
{
"cve": "CVE-2023-53540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something\u0027s wrong. Reject such connections so we don\u0027t\ntry and fail later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53540",
"url": "https://www.suse.com/security/cve/CVE-2023-53540"
},
{
"category": "external",
"summary": "SUSE Bug 1251053 for CVE-2023-53540",
"url": "https://bugzilla.suse.com/1251053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53540"
},
{
"cve": "CVE-2023-53541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53541"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53541",
"url": "https://www.suse.com/security/cve/CVE-2023-53541"
},
{
"category": "external",
"summary": "SUSE Bug 1251043 for CVE-2023-53541",
"url": "https://bugzilla.suse.com/1251043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53541"
},
{
"cve": "CVE-2023-53543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53543"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa max vqp attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53543",
"url": "https://www.suse.com/security/cve/CVE-2023-53543"
},
{
"category": "external",
"summary": "SUSE Bug 1251083 for CVE-2023-53543",
"url": "https://bugzilla.suse.com/1251083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53543"
},
{
"cve": "CVE-2023-53545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv-\u003ecsa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097] \u003cTASK\u003e\n[14616.937102] amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187] drm_file_free+0x1d6/0x300 [drm]\n[14616.937207] drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220] drm_release+0x5e/0x100 [drm]\n[14616.937234] __fput+0x9f/0x280\n[14616.937239] ____fput+0xe/0x20\n[14616.937241] task_work_run+0x61/0x90\n[14616.937246] exit_to_user_mode_prepare+0x215/0x220\n[14616.937251] syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254] do_syscall_64+0x48/0x90\n[14616.937257] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53545",
"url": "https://www.suse.com/security/cve/CVE-2023-53545"
},
{
"category": "external",
"summary": "SUSE Bug 1251084 for CVE-2023-53545",
"url": "https://bugzilla.suse.com/1251084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53545"
},
{
"cve": "CVE-2023-53546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx\n\nwhen mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory\npointed by \u0027in\u0027 is not released, which will cause memory leak. Move memory\nrelease after mlx5_cmd_exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53546",
"url": "https://www.suse.com/security/cve/CVE-2023-53546"
},
{
"category": "external",
"summary": "SUSE Bug 1251079 for CVE-2023-53546",
"url": "https://bugzilla.suse.com/1251079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53546"
},
{
"cve": "CVE-2023-53548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53548",
"url": "https://www.suse.com/security/cve/CVE-2023-53548"
},
{
"category": "external",
"summary": "SUSE Bug 1251066 for CVE-2023-53548",
"url": "https://bugzilla.suse.com/1251066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53548"
},
{
"cve": "CVE-2023-53550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53550"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix global sysfs attribute type\n\nIn commit 3666062b87ec (\"cpufreq: amd-pstate: move to use bus_get_dev_root()\")\nthe \"amd_pstate\" attributes where moved from a dedicated kobject to the\ncpu root kobject.\n\nWhile the dedicated kobject expects to contain kobj_attributes the root\nkobject needs device_attributes.\n\nAs the changed arguments are not used by the callbacks it works most of\nthe time.\nHowever CFI will detect this issue:\n\n[ 4947.849350] CFI failure at dev_attr_show+0x24/0x60 (target: show_status+0x0/0x70; expected type: 0x8651b1de)\n...\n[ 4947.849409] Call Trace:\n[ 4947.849410] \u003cTASK\u003e\n[ 4947.849411] ? __warn+0xcf/0x1c0\n[ 4947.849414] ? dev_attr_show+0x24/0x60\n[ 4947.849415] ? report_cfi_failure+0x4e/0x60\n[ 4947.849417] ? handle_cfi_failure+0x14c/0x1d0\n[ 4947.849419] ? __cfi_show_status+0x10/0x10\n[ 4947.849420] ? handle_bug+0x4f/0x90\n[ 4947.849421] ? exc_invalid_op+0x1a/0x60\n[ 4947.849422] ? asm_exc_invalid_op+0x1a/0x20\n[ 4947.849424] ? __cfi_show_status+0x10/0x10\n[ 4947.849425] ? dev_attr_show+0x24/0x60\n[ 4947.849426] sysfs_kf_seq_show+0xa6/0x110\n[ 4947.849433] seq_read_iter+0x16c/0x4b0\n[ 4947.849436] vfs_read+0x272/0x2d0\n[ 4947.849438] ksys_read+0x72/0xe0\n[ 4947.849439] do_syscall_64+0x76/0xb0\n[ 4947.849440] ? do_user_addr_fault+0x252/0x650\n[ 4947.849442] ? exc_page_fault+0x7a/0x1b0\n[ 4947.849443] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53550",
"url": "https://www.suse.com/security/cve/CVE-2023-53550"
},
{
"category": "external",
"summary": "SUSE Bug 1251071 for CVE-2023-53550",
"url": "https://bugzilla.suse.com/1251071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53550"
},
{
"cve": "CVE-2023-53552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: mark requests for GuC virtual engines to avoid use-after-free\n\nReferences to i915_requests may be trapped by userspace inside a\nsync_file or dmabuf (dma-resv) and held indefinitely across different\nproceses. To counter-act the memory leaks, we try to not to keep\nreferences from the request past their completion.\nOn the other side on fence release we need to know if rq-\u003eengine\nis valid and points to hw engine (true for non-virtual requests).\nTo make it possible extra bit has been added to rq-\u003eexecution_mask,\nfor marking virtual engines.\n\n(cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53552",
"url": "https://www.suse.com/security/cve/CVE-2023-53552"
},
{
"category": "external",
"summary": "SUSE Bug 1251065 for CVE-2023-53552",
"url": "https://bugzilla.suse.com/1251065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2023-53553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n from drivers/hid/hid-hyperv.c:8:\nIn function \u0027fortify_memcpy_chk\u0027,\n inlined from \u0027mousevsc_on_receive\u0027 at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 583 | __write_overflow_field(p_size_field, size);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53553",
"url": "https://www.suse.com/security/cve/CVE-2023-53553"
},
{
"category": "external",
"summary": "SUSE Bug 1251068 for CVE-2023-53553",
"url": "https://bugzilla.suse.com/1251068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53553"
},
{
"cve": "CVE-2023-53554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()\n\nThe \"exc-\u003ekey_len\" is a u16 that comes from the user. If it\u0027s over\nIW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53554",
"url": "https://www.suse.com/security/cve/CVE-2023-53554"
},
{
"category": "external",
"summary": "SUSE Bug 1251057 for CVE-2023-53554",
"url": "https://bugzilla.suse.com/1251057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53554"
},
{
"cve": "CVE-2023-53555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: initialize damo_filter-\u003elist from damos_new_filter()\n\ndamos_new_filter() is not initializing the list field of newly allocated\nfilter object. However, DAMON sysfs interface and DAMON_RECLAIM are not\ninitializing it after calling damos_new_filter(). As a result, accessing\nuninitialized memory is possible. Actually, adding multiple DAMOS filters\nvia DAMON sysfs interface caused NULL pointer dereferencing. Initialize\nthe field just after the allocation from damos_new_filter().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53555",
"url": "https://www.suse.com/security/cve/CVE-2023-53555"
},
{
"category": "external",
"summary": "SUSE Bug 1251056 for CVE-2023-53555",
"url": "https://bugzilla.suse.com/1251056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53555"
},
{
"cve": "CVE-2023-53556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix use-after-free in free_netdev\n\nWe do netif_napi_add() for all allocated q_vectors[], but potentially\ndo netif_napi_del() for part of them, then kfree q_vectors and leave\ninvalid pointers at dev-\u003enapi_list.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 4093.900222] ==================================================================\n[ 4093.900230] BUG: KASAN: use-after-free in free_netdev+0x308/0x390\n[ 4093.900232] Read of size 8 at addr ffff88b4dc145640 by task repro.sh/6699\n[ 4093.900233]\n[ 4093.900236] CPU: 10 PID: 6699 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 4093.900238] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 4093.900239] Call Trace:\n[ 4093.900244] dump_stack+0x71/0xab\n[ 4093.900249] print_address_description+0x6b/0x290\n[ 4093.900251] ? free_netdev+0x308/0x390\n[ 4093.900252] kasan_report+0x14a/0x2b0\n[ 4093.900254] free_netdev+0x308/0x390\n[ 4093.900261] iavf_remove+0x825/0xd20 [iavf]\n[ 4093.900265] pci_device_remove+0xa8/0x1f0\n[ 4093.900268] device_release_driver_internal+0x1c6/0x460\n[ 4093.900271] pci_stop_bus_device+0x101/0x150\n[ 4093.900273] pci_stop_and_remove_bus_device+0xe/0x20\n[ 4093.900275] pci_iov_remove_virtfn+0x187/0x420\n[ 4093.900277] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 4093.900278] ? pci_get_subsys+0x90/0x90\n[ 4093.900280] sriov_disable+0xed/0x3e0\n[ 4093.900282] ? bus_find_device+0x12d/0x1a0\n[ 4093.900290] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 4093.900298] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 4093.900299] ? pci_get_device+0x7c/0x90\n[ 4093.900300] ? pci_get_subsys+0x90/0x90\n[ 4093.900306] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 4093.900309] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900315] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 4093.900318] sriov_numvfs_store+0x214/0x290\n[ 4093.900320] ? sriov_totalvfs_show+0x30/0x30\n[ 4093.900321] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900323] ? __check_object_size+0x15a/0x350\n[ 4093.900326] kernfs_fop_write+0x280/0x3f0\n[ 4093.900329] vfs_write+0x145/0x440\n[ 4093.900330] ksys_write+0xab/0x160\n[ 4093.900332] ? __ia32_sys_read+0xb0/0xb0\n[ 4093.900334] ? fput_many+0x1a/0x120\n[ 4093.900335] ? filp_close+0xf0/0x130\n[ 4093.900338] do_syscall_64+0xa0/0x370\n[ 4093.900339] ? page_fault+0x8/0x30\n[ 4093.900341] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 4093.900357] RIP: 0033:0x7f16ad4d22c0\n[ 4093.900359] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe dd 01 00 48 89 04 24\n[ 4093.900360] RSP: 002b:00007ffd6491b7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 4093.900362] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f16ad4d22c0\n[ 4093.900363] RDX: 0000000000000002 RSI: 0000000001a41408 RDI: 0000000000000001\n[ 4093.900364] RBP: 0000000001a41408 R08: 00007f16ad7a1780 R09: 00007f16ae1f2700\n[ 4093.9003\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53556",
"url": "https://www.suse.com/security/cve/CVE-2023-53556"
},
{
"category": "external",
"summary": "SUSE Bug 1251059 for CVE-2023-53556",
"url": "https://bugzilla.suse.com/1251059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53556"
},
{
"cve": "CVE-2023-53557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfprobe: Release rethook after the ftrace_ops is unregistered\n\nWhile running bpf selftests it\u0027s possible to get following fault:\n\n general protection fault, probably for non-canonical address \\\n 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n ...\n Call Trace:\n \u003cTASK\u003e\n fprobe_handler+0xc1/0x270\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_testmod_init+0x22/0x80\n ? do_one_initcall+0x63/0x2e0\n ? rcu_is_watching+0xd/0x40\n ? kmalloc_trace+0xaf/0xc0\n ? do_init_module+0x60/0x250\n ? __do_sys_finit_module+0xac/0x120\n ? do_syscall_64+0x37/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n \u003c/TASK\u003e\n\nIn unregister_fprobe function we can\u0027t release fp-\u003erethook while it\u0027s\npossible there are some of its users still running on another cpu.\n\nMoving rethook_free call after fp-\u003eops is unregistered with\nunregister_ftrace_function call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53557",
"url": "https://www.suse.com/security/cve/CVE-2023-53557"
},
{
"category": "external",
"summary": "SUSE Bug 1251054 for CVE-2023-53557",
"url": "https://bugzilla.suse.com/1251054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53557"
},
{
"cve": "CVE-2023-53558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] \u003cTASK\u003e\n[ 0.206491] dump_stack_lvl+0x6a/0x9f\n[ 0.206493] __lock_acquire.cold+0x2d7/0x2fe\n[ 0.206496] ? stack_trace_save+0x46/0x70\n[ 0.206497] lock_acquire+0xd1/0x2f0\n[ 0.206499] ? serial8250_console_write+0x327/0x4a0\n[ 0.206500] ? __lock_acquire+0x5c7/0x2720\n[ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90\n[ 0.206504] ? serial8250_console_write+0x327/0x4a0\n[ 0.206506] serial8250_console_write+0x327/0x4a0\n[ 0.206508] console_emit_next_record.constprop.0+0x180/0x330\n[ 0.206511] console_unlock+0xf7/0x1f0\n[ 0.206512] vprintk_emit+0xf7/0x330\n[ 0.206514] _printk+0x63/0x7e\n[ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32\n[ 0.206518] rcu_init_tasks_generic+0x5/0xd9\n[ 0.206522] kernel_init_freeable+0x15b/0x2a2\n[ 0.206523] ? rest_init+0x160/0x160\n[ 0.206526] kernel_init+0x11/0x120\n[ 0.206527] ret_from_fork+0x1f/0x30\n[ 0.206530] \u003c/TASK\u003e\n[ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53558",
"url": "https://www.suse.com/security/cve/CVE-2023-53558"
},
{
"category": "external",
"summary": "SUSE Bug 1251081 for CVE-2023-53558",
"url": "https://bugzilla.suse.com/1251081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53558"
},
{
"cve": "CVE-2023-53559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_vti: fix potential slab-use-after-free in decode_session6\n\nWhen ip_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ip_vti device sends IPv6 packets.\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53559",
"url": "https://www.suse.com/security/cve/CVE-2023-53559"
},
{
"category": "external",
"summary": "SUSE Bug 1251052 for CVE-2023-53559",
"url": "https://bugzilla.suse.com/1251052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53559"
},
{
"cve": "CVE-2023-53560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Add histograms to hist_vars if they have referenced variables\n\nHist triggers can have referenced variables without having direct\nvariables fields. This can be the case if referenced variables are added\nfor trigger actions. In this case the newly added references will not\nhave field variables. Not taking such referenced variables into\nconsideration can result in a bug where it would be possible to remove\nhist trigger with variables being refenced. This will result in a bug\nthat is easily reproducable like so\n\n$ cd /sys/kernel/tracing\n$ echo \u0027synthetic_sys_enter char[] comm; long id\u0027 \u003e\u003e synthetic_events\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n\n[ 100.263533] ==================================================================\n[ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180\n[ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439\n[ 100.266320]\n[ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4\n[ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n[ 100.268561] Call Trace:\n[ 100.268902] \u003cTASK\u003e\n[ 100.269189] dump_stack_lvl+0x4c/0x70\n[ 100.269680] print_report+0xc5/0x600\n[ 100.270165] ? resolve_var_refs+0xc7/0x180\n[ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0\n[ 100.271389] ? resolve_var_refs+0xc7/0x180\n[ 100.271913] kasan_report+0xbd/0x100\n[ 100.272380] ? resolve_var_refs+0xc7/0x180\n[ 100.272920] __asan_load8+0x71/0xa0\n[ 100.273377] resolve_var_refs+0xc7/0x180\n[ 100.273888] event_hist_trigger+0x749/0x860\n[ 100.274505] ? kasan_save_stack+0x2a/0x50\n[ 100.275024] ? kasan_set_track+0x29/0x40\n[ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10\n[ 100.276138] ? ksys_write+0xd1/0x170\n[ 100.276607] ? do_syscall_64+0x3c/0x90\n[ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.277771] ? destroy_hist_data+0x446/0x470\n[ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860\n[ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10\n[ 100.279627] ? __kasan_check_write+0x18/0x20\n[ 100.280177] ? mutex_unlock+0x85/0xd0\n[ 100.280660] ? __pfx_mutex_unlock+0x10/0x10\n[ 100.281200] ? kfree+0x7b/0x120\n[ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0\n[ 100.282197] ? event_trigger_write+0xac/0x100\n[ 100.282764] ? __kasan_slab_free+0x16/0x20\n[ 100.283293] ? __kmem_cache_free+0x153/0x2f0\n[ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250\n[ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10\n[ 100.285221] ? event_trigger_write+0xbc/0x100\n[ 100.285781] ? __kasan_check_read+0x15/0x20\n[ 100.286321] ? __bitmap_weight+0x66/0xa0\n[ 100.286833] ? _find_next_bit+0x46/0xe0\n[ 100.287334] ? task_mm_cid_work+0x37f/0x450\n[ 100.287872] event_triggers_call+0x84/0x150\n[ 100.288408] trace_event_buffer_commit+0x339/0x430\n[ 100.289073] ? ring_buffer_event_data+0x3f/0x60\n[ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0\n[ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0\n[ 100.298653] syscall_enter_from_user_mode+0x32/0x40\n[ 100.301808] do_syscall_64+0x1a/0x90\n[ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.307775] RIP: 0033:0x7f686c75c1cb\n[ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48\n[ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021\n[ 100.321200] RA\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53560",
"url": "https://www.suse.com/security/cve/CVE-2023-53560"
},
{
"category": "external",
"summary": "SUSE Bug 1251045 for CVE-2023-53560",
"url": "https://bugzilla.suse.com/1251045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53560"
},
{
"cve": "CVE-2023-53563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate-ut: Fix kernel panic when loading the driver\n\nAfter loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()\nand amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy\nof the CPU and mark it as busy.\n\nIn these functions, cpufreq_cpu_put() should be used to release the\npolicy, but it is not, so any other entity trying to access the policy\nis blocked indefinitely.\n\nOne such scenario is when amd_pstate mode is changed, leading to the\nfollowing splat:\n\n[ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.\n[ 1332.110001] Not tainted 6.5.0-rc2-amd-pstate-ut #5\n[ 1332.115315] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 1332.123140] task:bash state:D stack:0 pid:2929 ppid:2873 flags:0x00004006\n[ 1332.123143] Call Trace:\n[ 1332.123145] \u003cTASK\u003e\n[ 1332.123148] __schedule+0x3c1/0x16a0\n[ 1332.123154] ? _raw_read_lock_irqsave+0x2d/0x70\n[ 1332.123157] schedule+0x6f/0x110\n[ 1332.123160] schedule_timeout+0x14f/0x160\n[ 1332.123162] ? preempt_count_add+0x86/0xd0\n[ 1332.123165] __wait_for_common+0x92/0x190\n[ 1332.123168] ? __pfx_schedule_timeout+0x10/0x10\n[ 1332.123170] wait_for_completion+0x28/0x30\n[ 1332.123173] cpufreq_policy_put_kobj+0x4d/0x90\n[ 1332.123177] cpufreq_policy_free+0x157/0x1d0\n[ 1332.123178] ? preempt_count_add+0x58/0xd0\n[ 1332.123180] cpufreq_remove_dev+0xb6/0x100\n[ 1332.123182] subsys_interface_unregister+0x114/0x120\n[ 1332.123185] ? preempt_count_add+0x58/0xd0\n[ 1332.123187] ? __pfx_amd_pstate_change_driver_mode+0x10/0x10\n[ 1332.123190] cpufreq_unregister_driver+0x3b/0xd0\n[ 1332.123192] amd_pstate_change_driver_mode+0x1e/0x50\n[ 1332.123194] store_status+0xe9/0x180\n[ 1332.123197] dev_attr_store+0x1b/0x30\n[ 1332.123199] sysfs_kf_write+0x42/0x50\n[ 1332.123202] kernfs_fop_write_iter+0x143/0x1d0\n[ 1332.123204] vfs_write+0x2df/0x400\n[ 1332.123208] ksys_write+0x6b/0xf0\n[ 1332.123210] __x64_sys_write+0x1d/0x30\n[ 1332.123213] do_syscall_64+0x60/0x90\n[ 1332.123216] ? fpregs_assert_state_consistent+0x2e/0x50\n[ 1332.123219] ? exit_to_user_mode_prepare+0x49/0x1a0\n[ 1332.123223] ? irqentry_exit_to_user_mode+0xd/0x20\n[ 1332.123225] ? irqentry_exit+0x3f/0x50\n[ 1332.123226] ? exc_page_fault+0x8e/0x190\n[ 1332.123228] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 1332.123232] RIP: 0033:0x7fa74c514a37\n[ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37\n[ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001\n[ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff\n[ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008\n[ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00\n[ 1332.123247] \u003c/TASK\u003e\n\nFix this by calling cpufreq_cpu_put() wherever necessary.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53563",
"url": "https://www.suse.com/security/cve/CVE-2023-53563"
},
{
"category": "external",
"summary": "SUSE Bug 1251038 for CVE-2023-53563",
"url": "https://bugzilla.suse.com/1251038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53563"
},
{
"cve": "CVE-2023-53568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53568",
"url": "https://www.suse.com/security/cve/CVE-2023-53568"
},
{
"category": "external",
"summary": "SUSE Bug 1251035 for CVE-2023-53568",
"url": "https://bugzilla.suse.com/1251035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53568"
},
{
"cve": "CVE-2023-53570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53570"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()\n\nnl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the\nnumber of MBSSID elements in the nested netlink attribute attrs, which can\nlead to an integer overflow if a user of the nl80211 interface specifies\n256 or more elements in the corresponding attribute in userspace. The\ninteger overflow can lead to a heap buffer overflow as num_elems determines\nthe size of the trailing array in elems, and this array is thereafter\nwritten to for each element in attrs.\n\nNote that this vulnerability only affects devices with the\nwiphy-\u003embssid_max_interfaces member set for the wireless physical device\nstruct in the device driver, and can only be triggered by a process with\nCAP_NET_ADMIN capabilities.\n\nFix this by checking for a maximum of 255 elements in attrs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53570",
"url": "https://www.suse.com/security/cve/CVE-2023-53570"
},
{
"category": "external",
"summary": "SUSE Bug 1251031 for CVE-2023-53570",
"url": "https://bugzilla.suse.com/1251031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53570"
},
{
"cve": "CVE-2023-53572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: scu: use _safe list iterator to avoid a use after free\n\nThis loop is freeing \"clk\" so it needs to use list_for_each_entry_safe().\nOtherwise it dereferences a freed variable to get the next item on the\nloop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53572",
"url": "https://www.suse.com/security/cve/CVE-2023-53572"
},
{
"category": "external",
"summary": "SUSE Bug 1251027 for CVE-2023-53572",
"url": "https://bugzilla.suse.com/1251027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53572"
},
{
"cve": "CVE-2023-53574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53574",
"url": "https://www.suse.com/security/cve/CVE-2023-53574"
},
{
"category": "external",
"summary": "SUSE Bug 1251222 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "external",
"summary": "SUSE Bug 1251984 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53574"
},
{
"cve": "CVE-2023-53575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53575"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential array out of bounds access\n\nAccount for IWL_SEC_WEP_KEY_OFFSET when needed while verifying\nkey_len size in iwl_mvm_sec_key_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53575",
"url": "https://www.suse.com/security/cve/CVE-2023-53575"
},
{
"category": "external",
"summary": "SUSE Bug 1251067 for CVE-2023-53575",
"url": "https://bugzilla.suse.com/1251067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53575"
},
{
"cve": "CVE-2023-53577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n ------------[ cut here ]------------\n WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events cpu_map_kthread_stop\n RIP: 0010:put_cpu_map_entry+0xda/0x220\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ......\n ? put_cpu_map_entry+0xda/0x220\n cpu_map_kthread_stop+0x41/0x60\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn\u0027t call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53577",
"url": "https://www.suse.com/security/cve/CVE-2023-53577"
},
{
"category": "external",
"summary": "SUSE Bug 1251028 for CVE-2023-53577",
"url": "https://bugzilla.suse.com/1251028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53577"
},
{
"cve": "CVE-2023-53579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix irq domain leak\n\nUwe Kleine-K\u00f6nig pointed out we still have one resource leak in the mvebu\ndriver triggered on driver detach. Let\u0027s address it with a custom devm\naction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53579",
"url": "https://www.suse.com/security/cve/CVE-2023-53579"
},
{
"category": "external",
"summary": "SUSE Bug 1251170 for CVE-2023-53579",
"url": "https://bugzilla.suse.com/1251170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53579"
},
{
"cve": "CVE-2023-53580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: Gadget: core: Help prevent panic during UVC unconfigure\n\nAvichal Rakesh reported a kernel panic that occurred when the UVC\ngadget driver was removed from a gadget\u0027s configuration. The panic\ninvolves a somewhat complicated interaction between the kernel driver\nand a userspace component (as described in the Link tag below), but\nthe analysis did make one thing clear: The Gadget core should\naccomodate gadget drivers calling usb_gadget_deactivate() as part of\ntheir unbind procedure.\n\nCurrently this doesn\u0027t work. gadget_unbind_driver() calls\ndriver-\u003eunbind() while holding the udc-\u003econnect_lock mutex, and\nusb_gadget_deactivate() attempts to acquire that mutex, which will\nresult in a deadlock.\n\nThe simple fix is for gadget_unbind_driver() to release the mutex when\ninvoking the -\u003eunbind() callback. There is no particular reason for\nit to be holding the mutex at that time, and the mutex isn\u0027t held\nwhile the -\u003ebind() callback is invoked. So we\u0027ll drop the mutex\nbefore performing the unbind callback and reacquire it afterward.\n\nWe\u0027ll also add a couple of comments to usb_gadget_activate() and\nusb_gadget_deactivate(). Because they run in process context they\nmust not be called from a gadget driver\u0027s -\u003edisconnect() callback,\nwhich (according to the kerneldoc for struct usb_gadget_driver in\ninclude/linux/usb/gadget.h) may run in interrupt context. This may\nhelp prevent similar bugs from arising in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53580",
"url": "https://www.suse.com/security/cve/CVE-2023-53580"
},
{
"category": "external",
"summary": "SUSE Bug 1251105 for CVE-2023-53580",
"url": "https://bugzilla.suse.com/1251105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53580"
},
{
"cve": "CVE-2023-53581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Check for NOT_READY flag state after locking\n\nCurrently the check for NOT_READY flag is performed before obtaining the\nnecessary lock. This opens a possibility for race condition when the flow\nis concurrently removed from unready_flows list by the workqueue task,\nwhich causes a double-removal from the list and a crash[0]. Fix the issue\nby moving the flag check inside the section protected by\nuplink_priv-\u003eunready_flows_lock mutex.\n\n[0]:\n[44376.389654] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n[44376.391665] CPU: 7 PID: 59123 Comm: tc Not tainted 6.4.0-rc4+ #1\n[44376.392984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[44376.395342] RIP: 0010:mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.396857] Code: 00 48 8b b8 68 ce 02 00 e8 8a 4d 02 00 4c 8d a8 a8 01 00 00 4c 89 ef e8 8b 79 88 e1 48 8b 83 98 06 00 00 48 8b 93 90 06 00 00 \u003c48\u003e 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 83 90 06\n[44376.399167] RSP: 0018:ffff88812cc97570 EFLAGS: 00010246\n[44376.399680] RAX: dead000000000122 RBX: ffff8881088e3800 RCX: ffff8881881bac00\n[44376.400337] RDX: dead000000000100 RSI: ffff88812cc97500 RDI: ffff8881242f71b0\n[44376.401001] RBP: ffff88811cbb0940 R08: 0000000000000400 R09: 0000000000000001\n[44376.401663] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88812c944000\n[44376.402342] R13: ffff8881242f71a8 R14: ffff8881222b4000 R15: 0000000000000000\n[44376.402999] FS: 00007f0451104800(0000) GS:ffff88852cb80000(0000) knlGS:0000000000000000\n[44376.403787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[44376.404343] CR2: 0000000000489108 CR3: 0000000123a79003 CR4: 0000000000370ea0\n[44376.405004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[44376.405665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[44376.406339] Call Trace:\n[44376.406651] \u003cTASK\u003e\n[44376.406939] ? die_addr+0x33/0x90\n[44376.407311] ? exc_general_protection+0x192/0x390\n[44376.407795] ? asm_exc_general_protection+0x22/0x30\n[44376.408292] ? mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.408876] __mlx5e_tc_del_fdb_peer_flow+0xbc/0xe0 [mlx5_core]\n[44376.409482] mlx5e_tc_del_flow+0x42/0x210 [mlx5_core]\n[44376.410055] mlx5e_flow_put+0x25/0x50 [mlx5_core]\n[44376.410529] mlx5e_delete_flower+0x24b/0x350 [mlx5_core]\n[44376.411043] tc_setup_cb_reoffload+0x22/0x80\n[44376.411462] fl_reoffload+0x261/0x2f0 [cls_flower]\n[44376.411907] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.412481] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.413044] tcf_block_playback_offloads+0x76/0x170\n[44376.413497] tcf_block_unbind+0x7b/0xd0\n[44376.413881] tcf_block_setup+0x17d/0x1c0\n[44376.414269] tcf_block_offload_cmd.isra.0+0xf1/0x130\n[44376.414725] tcf_block_offload_unbind+0x43/0x70\n[44376.415153] __tcf_block_put+0x82/0x150\n[44376.415532] ingress_destroy+0x22/0x30 [sch_ingress]\n[44376.415986] qdisc_destroy+0x3b/0xd0\n[44376.416343] qdisc_graft+0x4d0/0x620\n[44376.416706] tc_get_qdisc+0x1c9/0x3b0\n[44376.417074] rtnetlink_rcv_msg+0x29c/0x390\n[44376.419978] ? rep_movs_alternative+0x3a/0xa0\n[44376.420399] ? rtnl_calcit.isra.0+0x120/0x120\n[44376.420813] netlink_rcv_skb+0x54/0x100\n[44376.421192] netlink_unicast+0x1f6/0x2c0\n[44376.421573] netlink_sendmsg+0x232/0x4a0\n[44376.421980] sock_sendmsg+0x38/0x60\n[44376.422328] ____sys_sendmsg+0x1d0/0x1e0\n[44376.422709] ? copy_msghdr_from_user+0x6d/0xa0\n[44376.423127] ___sys_sendmsg+0x80/0xc0\n[44376.423495] ? ___sys_recvmsg+0x8b/0xc0\n[44376.423869] __sys_sendmsg+0x51/0x90\n[44376.424226] do_syscall_64+0x3d/0x90\n[44376.424587] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[44376.425046] RIP: 0033:0x7f045134f887\n[44376.425403] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53581",
"url": "https://www.suse.com/security/cve/CVE-2023-53581"
},
{
"category": "external",
"summary": "SUSE Bug 1251106 for CVE-2023-53581",
"url": "https://bugzilla.suse.com/1251106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53581"
},
{
"cve": "CVE-2023-53583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()\n\nSince commit 096b52fd2bb4 (\"perf: RISC-V: throttle perf events\") the\nperf_sample_event_took() function was added to report time spent in\noverflow interrupts. If the interrupt takes too long, the perf framework\nwill lower the sysctl_perf_event_sample_rate and max_samples_per_tick.\nWhen hwc-\u003einterrupts is larger than max_samples_per_tick, the\nhwc-\u003einterrupts will be set to MAX_INTERRUPTS, and events will be\nthrottled within the __perf_event_account_interrupt() function.\n\nHowever, the RISC-V PMU driver doesn\u0027t call riscv_pmu_stop() to update the\nPERF_HES_STOPPED flag after perf_event_overflow() in pmu_sbi_ovf_handler()\nfunction to avoid throttling. When the perf framework unthrottled the event\nin the timer interrupt handler, it triggers riscv_pmu_start() function\nand causes a WARN_ON_ONCE() warning, as shown below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 240 at drivers/perf/riscv_pmu.c:184 riscv_pmu_start+0x7c/0x8e\n Modules linked in:\n CPU: 0 PID: 240 Comm: ls Not tainted 6.4-rc4-g19d0788e9ef2 #1\n Hardware name: SiFive (DT)\n epc : riscv_pmu_start+0x7c/0x8e\n ra : riscv_pmu_start+0x28/0x8e\n epc : ffffffff80aef864 ra : ffffffff80aef810 sp : ffff8f80004db6f0\n gp : ffffffff81c83750 tp : ffffaf80069f9bc0 t0 : ffff8f80004db6c0\n t1 : 0000000000000000 t2 : 000000000000001f s0 : ffff8f80004db720\n s1 : ffffaf8008ca1068 a0 : 0000ffffffffffff a1 : 0000000000000000\n a2 : 0000000000000001 a3 : 0000000000000870 a4 : 0000000000000000\n a5 : 0000000000000000 a6 : 0000000000000840 a7 : 0000000000000030\n s2 : 0000000000000000 s3 : ffffaf8005165800 s4 : ffffaf800424da00\n s5 : ffffffffffffffff s6 : ffffffff81cc7590 s7 : 0000000000000000\n s8 : 0000000000000006 s9 : 0000000000000001 s10: ffffaf807efbc340\n s11: ffffaf807efbbf00 t3 : ffffaf8006a16028 t4 : 00000000dbfbb796\n t5 : 0000000700000000 t6 : ffffaf8005269870\n status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003\n [\u003cffffffff80aef864\u003e] riscv_pmu_start+0x7c/0x8e\n [\u003cffffffff80185b56\u003e] perf_adjust_freq_unthr_context+0x15e/0x174\n [\u003cffffffff80188642\u003e] perf_event_task_tick+0x88/0x9c\n [\u003cffffffff800626a8\u003e] scheduler_tick+0xfe/0x27c\n [\u003cffffffff800b5640\u003e] update_process_times+0x9a/0xba\n [\u003cffffffff800c5bd4\u003e] tick_sched_handle+0x32/0x66\n [\u003cffffffff800c5e0c\u003e] tick_sched_timer+0x64/0xb0\n [\u003cffffffff800b5e50\u003e] __hrtimer_run_queues+0x156/0x2f4\n [\u003cffffffff800b6bdc\u003e] hrtimer_interrupt+0xe2/0x1fe\n [\u003cffffffff80acc9e8\u003e] riscv_timer_interrupt+0x38/0x42\n [\u003cffffffff80090a16\u003e] handle_percpu_devid_irq+0x90/0x1d2\n [\u003cffffffff8008a9f4\u003e] generic_handle_domain_irq+0x28/0x36\n\nAfter referring other PMU drivers like Arm, Loongarch, Csky, and Mips,\nthey don\u0027t call *_pmu_stop() to update with PERF_HES_STOPPED flag\nafter perf_event_overflow() function nor do they add PERF_HES_STOPPED\nflag checking in *_pmu_start() which don\u0027t cause this warning.\n\nThus, it\u0027s recommended to remove this unnecessary check in\nriscv_pmu_start() function to prevent this warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53583",
"url": "https://www.suse.com/security/cve/CVE-2023-53583"
},
{
"category": "external",
"summary": "SUSE Bug 1251108 for CVE-2023-53583",
"url": "https://bugzilla.suse.com/1251108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53583"
},
{
"cve": "CVE-2023-53585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject unhashed sockets in bpf_sk_assign\n\nThe semantics for bpf_sk_assign are as follows:\n\n sk = some_lookup_func()\n bpf_sk_assign(skb, sk)\n bpf_sk_release(sk)\n\nThat is, the sk is not consumed by bpf_sk_assign. The function\ntherefore needs to make sure that sk lives long enough to be\nconsumed from __inet_lookup_skb. The path through the stack for a\nTCPv4 packet is roughly:\n\n netif_receive_skb_core: takes RCU read lock\n __netif_receive_skb_core:\n sch_handle_ingress:\n tcf_classify:\n bpf_sk_assign()\n deliver_ptype_list_skb:\n deliver_skb:\n ip_packet_type-\u003efunc == ip_rcv:\n ip_rcv_core:\n ip_rcv_finish_core:\n dst_input:\n ip_local_deliver:\n ip_local_deliver_finish:\n ip_protocol_deliver_rcu:\n tcp_v4_rcv:\n __inet_lookup_skb:\n skb_steal_sock\n\nThe existing helper takes advantage of the fact that everything\nhappens in the same RCU critical section: for sockets with\nSOCK_RCU_FREE set bpf_sk_assign never takes a reference.\nskb_steal_sock then checks SOCK_RCU_FREE again and does sock_put\nif necessary.\n\nThis approach assumes that SOCK_RCU_FREE is never set on a sk\nbetween bpf_sk_assign and skb_steal_sock, but this invariant is\nviolated by unhashed UDP sockets. A new UDP socket is created\nin TCP_CLOSE state but without SOCK_RCU_FREE set. That flag is only\nadded in udp_lib_get_port() which happens when a socket is bound.\n\nWhen bpf_sk_assign was added it wasn\u0027t possible to access unhashed\nUDP sockets from BPF, so this wasn\u0027t a problem. This changed\nin commit 0c48eefae712 (\"sock_map: Lift socket state restriction\nfor datagram sockets\"), but the helper wasn\u0027t adjusted accordingly.\nThe following sequence of events will therefore lead to a refcount\nleak:\n\n1. Add socket(AF_INET, SOCK_DGRAM) to a sockmap.\n2. Pull socket out of sockmap and bpf_sk_assign it. Since\n SOCK_RCU_FREE is not set we increment the refcount.\n3. bind() or connect() the socket, setting SOCK_RCU_FREE.\n4. skb_steal_sock will now set refcounted = false due to\n SOCK_RCU_FREE.\n5. tcp_v4_rcv() skips sock_put().\n\nFix the problem by rejecting unhashed sockets in bpf_sk_assign().\nThis matches the behaviour of __inet_lookup_skb which is ultimately\nthe goal of bpf_sk_assign().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53585",
"url": "https://www.suse.com/security/cve/CVE-2023-53585"
},
{
"category": "external",
"summary": "SUSE Bug 1251126 for CVE-2023-53585",
"url": "https://bugzilla.suse.com/1251126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53585"
},
{
"cve": "CVE-2023-53588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn\u0027t even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53588",
"url": "https://www.suse.com/security/cve/CVE-2023-53588"
},
{
"category": "external",
"summary": "SUSE Bug 1251206 for CVE-2023-53588",
"url": "https://bugzilla.suse.com/1251206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53588"
},
{
"cve": "CVE-2023-53593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Release folio lock on fscache read hit.\n\nUnder the current code, when cifs_readpage_worker is called, the call\ncontract is that the callee should unlock the page. This is documented\nin the read_folio section of Documentation/filesystems/vfs.rst as:\n\n\u003e The filesystem should unlock the folio once the read has completed,\n\u003e whether it was successful or not.\n\nWithout this change, when fscache is in use and cache hit occurs during\na read, the page lock is leaked, producing the following stack on\nsubsequent reads (via mmap) to the page:\n\n$ cat /proc/3890/task/12864/stack\n[\u003c0\u003e] folio_wait_bit_common+0x124/0x350\n[\u003c0\u003e] filemap_read_folio+0xad/0xf0\n[\u003c0\u003e] filemap_fault+0x8b1/0xab0\n[\u003c0\u003e] __do_fault+0x39/0x150\n[\u003c0\u003e] do_fault+0x25c/0x3e0\n[\u003c0\u003e] __handle_mm_fault+0x6ca/0xc70\n[\u003c0\u003e] handle_mm_fault+0xe9/0x350\n[\u003c0\u003e] do_user_addr_fault+0x225/0x6c0\n[\u003c0\u003e] exc_page_fault+0x84/0x1b0\n[\u003c0\u003e] asm_exc_page_fault+0x27/0x30\n\nThis requires a reboot to resolve; it is a deadlock.\n\nNote however that the call to cifs_readpage_from_fscache does mark the\npage clean, but does not free the folio lock. This happens in\n__cifs_readpage_from_fscache on success. Releasing the lock at that\npoint however is not appropriate as cifs_readahead also calls\ncifs_readpage_from_fscache and *does* unconditionally release the lock\nafter its return. This change therefore effectively makes\ncifs_readpage_worker work like cifs_readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53593",
"url": "https://www.suse.com/security/cve/CVE-2023-53593"
},
{
"category": "external",
"summary": "SUSE Bug 1251132 for CVE-2023-53593",
"url": "https://bugzilla.suse.com/1251132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53593"
},
{
"cve": "CVE-2023-53596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53596",
"url": "https://www.suse.com/security/cve/CVE-2023-53596"
},
{
"category": "external",
"summary": "SUSE Bug 1251161 for CVE-2023-53596",
"url": "https://bugzilla.suse.com/1251161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53596"
},
{
"cve": "CVE-2023-53597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix mid leak during reconnection after timeout threshold\n\nWhen the number of responses with status of STATUS_IO_TIMEOUT\nexceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect\nthe connection. But we do not return the mid, or the credits\nreturned for the mid, or reduce the number of in-flight requests.\n\nThis bug could result in the server-\u003ein_flight count to go bad,\nand also cause a leak in the mids.\n\nThis change moves the check to a few lines below where the\nresponse is decrypted, even of the response is read from the\ntransform header. This way, the code for returning the mids\ncan be reused.\n\nAlso, the cifs_reconnect was reconnecting just the transport\nconnection before. In case of multi-channel, this may not be\nwhat we want to do after several timeouts. Changed that to\nreconnect the session and the tree too.\n\nAlso renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name\nMAX_STATUS_IO_TIMEOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53597",
"url": "https://www.suse.com/security/cve/CVE-2023-53597"
},
{
"category": "external",
"summary": "SUSE Bug 1251159 for CVE-2023-53597",
"url": "https://bugzilla.suse.com/1251159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53597"
},
{
"cve": "CVE-2023-53599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq-\u003efirst_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq-\u003efirst_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req-\u003edst because req-\u003edst is set to the value of\nareq-\u003efirst_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn\u0027t set areq-\u003efirst_rsgl\nup.\n\nThis isn\u0027t a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req-\u003edst and only uses req-\u003esrc[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n [\u003c000003ff7fc3d47e\u003e] gcm_walk_start+0x16/0x28 [aes_s390]\n [\u003c00000000a2a342f2\u003e] crypto_aead_decrypt+0x9a/0xb8\n [\u003c00000000a2a60888\u003e] aead_recvmsg+0x478/0x698\n [\u003c00000000a2e519a0\u003e] sock_recvmsg+0x70/0xb0\n [\u003c00000000a2e51a56\u003e] sock_read_iter+0x76/0xa0\n [\u003c00000000a273e066\u003e] vfs_read+0x26e/0x2a8\n [\u003c00000000a273e8c4\u003e] ksys_read+0xbc/0x100\n [\u003c00000000a311d808\u003e] __do_syscall+0x1d0/0x1f8\n [\u003c00000000a312ff30\u003e] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [\u003c000003ff7fc3e6b4\u003e] gcm_aes_crypt+0x104/0xa68 [aes_s390]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53599",
"url": "https://www.suse.com/security/cve/CVE-2023-53599"
},
{
"category": "external",
"summary": "SUSE Bug 1251150 for CVE-2023-53599",
"url": "https://bugzilla.suse.com/1251150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53599"
},
{
"cve": "CVE-2023-53600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix kasan splat when generating ipv4 pmtu error\n\nIf we try to emit an icmp error in response to a nonliner skb, we get\n\nBUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220\nRead of size 4 at addr ffff88811c50db00 by task iperf3/1691\nCPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309\n[..]\n kasan_report+0x105/0x140\n ip_compute_csum+0x134/0x220\n iptunnel_pmtud_build_icmp+0x554/0x1020\n skb_tunnel_check_pmtu+0x513/0xb80\n vxlan_xmit_one+0x139e/0x2ef0\n vxlan_xmit+0x1867/0x2760\n dev_hard_start_xmit+0x1ee/0x4f0\n br_dev_queue_push_xmit+0x4d1/0x660\n [..]\n\nip_compute_csum() cannot deal with nonlinear skbs, so avoid it.\nAfter this change, splat is gone and iperf3 is no longer stuck.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53600",
"url": "https://www.suse.com/security/cve/CVE-2023-53600"
},
{
"category": "external",
"summary": "SUSE Bug 1251152 for CVE-2023-53600",
"url": "https://bugzilla.suse.com/1251152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53600"
},
{
"cve": "CVE-2023-53601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: do not assume skb mac_header is set\n\nDrivers must not assume in their ndo_start_xmit() that\nskbs have their mac_header set. skb-\u003edata is all what is needed.\n\nbonding seems to be one of the last offender as caught by syzbot:\n\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 __bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nModules linked in:\nCPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]\nRIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]\nRIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nRIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nRIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nRIP: 0010:__bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nRIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nCode: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe \u003c0f\u003e 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe\nRSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283\nRAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000\nRDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6\nRBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584\nR10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e\nR13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76\nFS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff8471a49f\u003e] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[\u003cffffffff8471a49f\u003e] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380\n[\u003cffffffff851d845b\u003e] dev_direct_xmit include/linux/netdevice.h:3043 [inline]\n[\u003cffffffff851d845b\u003e] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284\n[\u003cffffffff851c7472\u003e] packet_snd net/packet/af_packet.c:3112 [inline]\n[\u003cffffffff851c7472\u003e] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg_nosec net/socket.c:716 [inline]\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg net/socket.c:736 [inline]\n[\u003cffffffff8467a4b2\u003e] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[\u003cffffffff8467a715\u003e] __do_sys_sendto net/socket.c:2151 [inline]\n[\u003cffffffff8467a715\u003e] __se_sys_sendto net/socket.c:2147 [inline]\n[\u003cffffffff8467a715\u003e] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[\u003cffffffff8553071f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff8553071f\u003e] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[\u003cffffffff85600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53601",
"url": "https://www.suse.com/security/cve/CVE-2023-53601"
},
{
"category": "external",
"summary": "SUSE Bug 1251153 for CVE-2023-53601",
"url": "https://bugzilla.suse.com/1251153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53601"
},
{
"cve": "CVE-2023-53602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53602",
"url": "https://www.suse.com/security/cve/CVE-2023-53602"
},
{
"category": "external",
"summary": "SUSE Bug 1251076 for CVE-2023-53602",
"url": "https://bugzilla.suse.com/1251076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53602"
},
{
"cve": "CVE-2023-53603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Avoid fcport pointer dereference\n\nKlocwork reported warning of NULL pointer may be dereferenced. The routine\nexits when sa_ctl is NULL and fcport is allocated after the exit call thus\ncausing NULL fcport pointer to dereference at the time of exit.\n\nTo avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53603",
"url": "https://www.suse.com/security/cve/CVE-2023-53603"
},
{
"category": "external",
"summary": "SUSE Bug 1251180 for CVE-2023-53603",
"url": "https://bugzilla.suse.com/1251180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53603"
},
{
"cve": "CVE-2023-53611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi_si: fix a memleak in try_smi_init()\n\nKmemleak reported the following leak info in try_smi_init():\n\nunreferenced object 0xffff00018ecf9400 (size 1024):\n comm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\n backtrace:\n [\u003c000000004ca5b312\u003e] __kmalloc+0x4b8/0x7b0\n [\u003c00000000953b1072\u003e] try_smi_init+0x148/0x5dc [ipmi_si]\n [\u003c000000006460d325\u003e] 0xffff800081b10148\n [\u003c0000000039206ea5\u003e] do_one_initcall+0x64/0x2a4\n [\u003c00000000601399ce\u003e] do_init_module+0x50/0x300\n [\u003c000000003c12ba3c\u003e] load_module+0x7a8/0x9e0\n [\u003c00000000c246fffe\u003e] __se_sys_init_module+0x104/0x180\n [\u003c00000000eea99093\u003e] __arm64_sys_init_module+0x24/0x30\n [\u003c0000000021b1ef87\u003e] el0_svc_common.constprop.0+0x94/0x250\n [\u003c0000000070f4f8b7\u003e] do_el0_svc+0x48/0xe0\n [\u003c000000005a05337f\u003e] el0_svc+0x24/0x3c\n [\u003c000000005eb248d6\u003e] el0_sync_handler+0x160/0x164\n [\u003c0000000030a59039\u003e] el0_sync+0x160/0x180\n\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi-\u003esi_sm`, the variable wouldn\u0027t be freed in\nthe error handling afterwards since `shutdown_smi()` hadn\u0027t been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53611",
"url": "https://www.suse.com/security/cve/CVE-2023-53611"
},
{
"category": "external",
"summary": "SUSE Bug 1251123 for CVE-2023-53611",
"url": "https://bugzilla.suse.com/1251123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53611"
},
{
"cve": "CVE-2023-53613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: Fix dax_mapping_release() use after free\n\nA CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region\nprovider (like modprobe -r dax_hmem) yields:\n\n kobject: \u0027mapping0\u0027 (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000)\n [..]\n DEBUG_LOCKS_WARN_ON(1)\n WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260\n [..]\n RIP: 0010:__lock_acquire+0x9fc/0x2260\n [..]\n Call Trace:\n \u003cTASK\u003e\n [..]\n lock_acquire+0xd4/0x2c0\n ? ida_free+0x62/0x130\n _raw_spin_lock_irqsave+0x47/0x70\n ? ida_free+0x62/0x130\n ida_free+0x62/0x130\n dax_mapping_release+0x1f/0x30\n device_release+0x36/0x90\n kobject_delayed_cleanup+0x46/0x150\n\nDue to attempting ida_free() on an ida object that has already been\nfreed. Devices typically only hold a reference on their parent while\nregistered. If a child needs a parent object to complete its release it\nneeds to hold a reference that it drops from its release callback.\nArrange for a dax_mapping to pin its parent dev_dax instance until\ndax_mapping_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53613",
"url": "https://www.suse.com/security/cve/CVE-2023-53613"
},
{
"category": "external",
"summary": "SUSE Bug 1251119 for CVE-2023-53613",
"url": "https://bugzilla.suse.com/1251119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53613"
},
{
"cve": "CVE-2023-53615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here\u0027s the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53615",
"url": "https://www.suse.com/security/cve/CVE-2023-53615"
},
{
"category": "external",
"summary": "SUSE Bug 1251113 for CVE-2023-53615",
"url": "https://bugzilla.suse.com/1251113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53615"
},
{
"cve": "CVE-2023-53616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix invalid free of JFS_IP(ipimap)-\u003ei_imap in diUnmount\n\nsyzbot found an invalid-free in diUnmount:\n\nBUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674\nFree of addr ffff88806f410000 by task syz-executor131/3632\n\n CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1724 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750\n slab_free mm/slub.c:3661 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3674\n diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195\n jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1428\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1186\n task_work_run+0x243/0x300 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x664/0x2070 kernel/exit.c:820\n do_group_exit+0x1fd/0x2b0 kernel/exit.c:950\n __do_sys_exit_group kernel/exit.c:961 [inline]\n __se_sys_exit_group kernel/exit.c:959 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_IP(ipimap)-\u003ei_imap is not setting to NULL after free in diUnmount.\nIf jfs_remount() free JFS_IP(ipimap)-\u003ei_imap but then failed at diMount().\nJFS_IP(ipimap)-\u003ei_imap will be freed once again.\nFix this problem by setting JFS_IP(ipimap)-\u003ei_imap to NULL after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53616",
"url": "https://www.suse.com/security/cve/CVE-2023-53616"
},
{
"category": "external",
"summary": "SUSE Bug 1251215 for CVE-2023-53616",
"url": "https://bugzilla.suse.com/1251215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53616"
},
{
"cve": "CVE-2023-53617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: socinfo: Add kfree for kstrdup\n\nAdd kfree() in the later error handling in order to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53617",
"url": "https://www.suse.com/security/cve/CVE-2023-53617"
},
{
"category": "external",
"summary": "SUSE Bug 1251268 for CVE-2023-53617",
"url": "https://bugzilla.suse.com/1251268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53617"
},
{
"cve": "CVE-2023-53618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject invalid reloc tree root keys with stack dump\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\nThat ASSERT() makes sure the reloc tree is properly pointed back by its\nsubvolume tree.\n\n[CAUSE]\nAfter more debugging output, it turns out we had an invalid reloc tree:\n\n BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17\n\nNote the above root key is (TREE_RELOC_OBJECTID, ROOT_ITEM,\nQUOTA_TREE_OBJECTID), meaning it\u0027s a reloc tree for quota tree.\n\nBut reloc trees can only exist for subvolumes, as for non-subvolume\ntrees, we just COW the involved tree block, no need to create a reloc\ntree since those tree blocks won\u0027t be shared with other trees.\n\nOnly subvolumes tree can share tree blocks with other trees (thus they\nhave BTRFS_ROOT_SHAREABLE flag).\n\nThus this new debug output proves my previous assumption that corrupted\non-disk data can trigger that ASSERT().\n\n[FIX]\nBesides the dedicated fix and the graceful exit, also let tree-checker to\ncheck such root keys, to make sure reloc trees can only exist for subvolumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53618",
"url": "https://www.suse.com/security/cve/CVE-2023-53618"
},
{
"category": "external",
"summary": "SUSE Bug 1251748 for CVE-2023-53618",
"url": "https://bugzilla.suse.com/1251748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53618"
},
{
"cve": "CVE-2023-53619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53619",
"url": "https://www.suse.com/security/cve/CVE-2023-53619"
},
{
"category": "external",
"summary": "SUSE Bug 1251743 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "external",
"summary": "SUSE Bug 1251745 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53619"
},
{
"cve": "CVE-2023-53621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcontrol: ensure memcg acquired by id is properly set up\n\nIn the eviction recency check, we attempt to retrieve the memcg to which\nthe folio belonged when it was evicted, by the memcg id stored in the\nshadow entry. However, there is a chance that the retrieved memcg is not\nthe original memcg that has been killed, but a new one which happens to\nhave the same id.\n\nThis is a somewhat unfortunate, but acceptable and rare inaccuracy in the\nheuristics. However, if we retrieve this new memcg between its allocation\nand when it is properly attached to the memcg hierarchy, we could run into\nthe following NULL pointer exception during the memcg hierarchy traversal\ndone in mem_cgroup_get_nr_swap_pages():\n\n[ 155757.793456] BUG: kernel NULL pointer dereference, address: 00000000000000c0\n[ 155757.807568] #PF: supervisor read access in kernel mode\n[ 155757.818024] #PF: error_code(0x0000) - not-present page\n[ 155757.828482] PGD 401f77067 P4D 401f77067 PUD 401f76067 PMD 0\n[ 155757.839985] Oops: 0000 [#1] SMP\n[ 155757.887870] RIP: 0010:mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155757.899377] Code: 29 19 4a 02 48 39 f9 74 63 48 8b 97 c0 00 00 00 48 8b b7 58 02 00 00 48 2b b7 c0 01 00 00 48 39 f0 48 0f 4d c6 48 39 d1 74 42 \u003c48\u003e 8b b2 c0 00 00 00 48 8b ba 58 02 00 00 48 2b ba c0 01 00 00 48\n[ 155757.937125] RSP: 0018:ffffc9002ecdfbc8 EFLAGS: 00010286\n[ 155757.947755] RAX: 00000000003a3b1c RBX: 000007ffffffffff RCX: ffff888280183000\n[ 155757.962202] RDX: 0000000000000000 RSI: 0007ffffffffffff RDI: ffff888bbc2d1000\n[ 155757.976648] RBP: 0000000000000001 R08: 000000000000000b R09: ffff888ad9cedba0\n[ 155757.991094] R10: ffffea0039c07900 R11: 0000000000000010 R12: ffff888b23a7b000\n[ 155758.005540] R13: 0000000000000000 R14: ffff888bbc2d1000 R15: 000007ffffc71354\n[ 155758.019991] FS: 00007f6234c68640(0000) GS:ffff88903f9c0000(0000) knlGS:0000000000000000\n[ 155758.036356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 155758.048023] CR2: 00000000000000c0 CR3: 0000000a83eb8004 CR4: 00000000007706e0\n[ 155758.062473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 155758.076924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 155758.091376] PKRU: 55555554\n[ 155758.096957] Call Trace:\n[ 155758.102016] \u003cTASK\u003e\n[ 155758.106502] ? __die+0x78/0xc0\n[ 155758.112793] ? page_fault_oops+0x286/0x380\n[ 155758.121175] ? exc_page_fault+0x5d/0x110\n[ 155758.129209] ? asm_exc_page_fault+0x22/0x30\n[ 155758.137763] ? mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155758.148060] workingset_test_recent+0xda/0x1b0\n[ 155758.157133] workingset_refault+0xca/0x1e0\n[ 155758.165508] filemap_add_folio+0x4d/0x70\n[ 155758.173538] page_cache_ra_unbounded+0xed/0x190\n[ 155758.182919] page_cache_sync_ra+0xd6/0x1e0\n[ 155758.191738] filemap_read+0x68d/0xdf0\n[ 155758.199495] ? mlx5e_napi_poll+0x123/0x940\n[ 155758.207981] ? __napi_schedule+0x55/0x90\n[ 155758.216095] __x64_sys_pread64+0x1d6/0x2c0\n[ 155758.224601] do_syscall_64+0x3d/0x80\n[ 155758.232058] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 155758.242473] RIP: 0033:0x7f62c29153b5\n[ 155758.249938] Code: e8 48 89 75 f0 89 7d f8 48 89 4d e0 e8 b4 e6 f7 ff 41 89 c0 4c 8b 55 e0 48 8b 55 e8 48 8b 75 f0 8b 7d f8 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 e7 e6 f7 ff 48 8b\n[ 155758.288005] RSP: 002b:00007f6234c5ffd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 155758.303474] RAX: ffffffffffffffda RBX: 00007f628c4e70c0 RCX: 00007f62c29153b5\n[ 155758.318075] RDX: 000000000003c041 RSI: 00007f61d2986000 RDI: 0000000000000076\n[ 155758.332678] RBP: 00007f6234c5fff0 R08: 0000000000000000 R09: 0000000064d5230c\n[ 155758.347452] R10: 000000000027d450 R11: 0000000000000293 R12: 000000000003c041\n[ 155758.362044] R13: 00007f61d2986000 R14: 00007f629e11b060 R15: 000000000027d450\n[ 155758.376661] \u003c/TASK\u003e\n\nThis patch fixes the issue by moving the memcg\u0027s id publication from the\nalloc stage to \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53621",
"url": "https://www.suse.com/security/cve/CVE-2023-53621"
},
{
"category": "external",
"summary": "SUSE Bug 1251323 for CVE-2023-53621",
"url": "https://bugzilla.suse.com/1251323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53621"
},
{
"cve": "CVE-2023-53622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix possible data races in gfs2_show_options()\n\nSome fields such as gt_logd_secs of the struct gfs2_tune are accessed\nwithout holding the lock gt_spin in gfs2_show_options():\n\n val = sdp-\u003esd_tune.gt_logd_secs;\n if (val != 30)\n seq_printf(s, \",commit=%d\", val);\n\nAnd thus can cause data races when gfs2_show_options() and other functions\nsuch as gfs2_reconfigure() are concurrently executed:\n\n spin_lock(\u0026gt-\u003egt_spin);\n gt-\u003egt_logd_secs = newargs-\u003ear_commit;\n\nTo fix these possible data races, the lock sdp-\u003esd_tune.gt_spin is\nacquired before accessing the fields of gfs2_tune and released after these\naccesses.\n\nFurther changes by Andreas:\n\n- Don\u0027t hold the spin lock over the seq_printf operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53622",
"url": "https://www.suse.com/security/cve/CVE-2023-53622"
},
{
"category": "external",
"summary": "SUSE Bug 1251777 for CVE-2023-53622",
"url": "https://bugzilla.suse.com/1251777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53622"
},
{
"cve": "CVE-2023-53631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-sysman: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(),\na reference to that attribute is returned. This means\nthat we need to dispose it accordingly. Use kobject_put()\nto dispose the duplicate attribute in such a case.\n\nCompile-tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53631",
"url": "https://www.suse.com/security/cve/CVE-2023-53631"
},
{
"category": "external",
"summary": "SUSE Bug 1251529 for CVE-2023-53631",
"url": "https://bugzilla.suse.com/1251529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53631"
},
{
"cve": "CVE-2023-53632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take RTNL lock when needed before calling xdp_set_features()\n\nHold RTNL lock when calling xdp_set_features() with a registered netdev,\nas the call triggers the netdev notifiers. This could happen when\nswitching from uplink rep to nic profile for example.\n\nThis resolves the following call trace:\n\nRTNL: assertion failed at net/core/dev.c (1953)\nWARNING: CPU: 6 PID: 112670 at net/core/dev.c:1953 call_netdevice_notifiers_info+0x7c/0x80\nModules linked in: sch_mqprio sch_mqprio_lib act_tunnel_key act_mirred act_skbedit cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress bonding ib_umad ip_gre rdma_ucm mlx5_vfio_pci ipip tunnel4 ip6_gre gre mlx5_ib vfio_pci vfio_pci_core vfio_iommu_type1 ib_uverbs vfio mlx5_core ib_ipoib geneve nf_tables ip6_tunnel tunnel6 iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\nCPU: 6 PID: 112670 Comm: devlink Not tainted 6.4.0-rc7_for_upstream_min_debug_2023_06_28_17_02 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:call_netdevice_notifiers_info+0x7c/0x80\nCode: 90 ff 80 3d 2d 6b f7 00 00 75 c5 ba a1 07 00 00 48 c7 c6 e4 ce 0b 82 48 c7 c7 c8 f4 04 82 c6 05 11 6b f7 00 01 e8 a4 7c 8e ff \u003c0f\u003e 0b eb a2 0f 1f 44 00 00 55 48 89 e5 41 54 48 83 e4 f0 48 83 ec\nRSP: 0018:ffff8882a21c3948 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff82e6f880 RCX: 0000000000000027\nRDX: ffff88885f99b5c8 RSI: 0000000000000001 RDI: ffff88885f99b5c0\nRBP: 0000000000000028 R08: ffff88887ffabaa8 R09: 0000000000000003\nR10: ffff88887fecbac0 R11: ffff88887ff7bac0 R12: ffff8882a21c3968\nR13: ffff88811c018940 R14: 0000000000000000 R15: ffff8881274401a0\nFS: 00007fe141c81800(0000) GS:ffff88885f980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f787c28b948 CR3: 000000014bcf3005 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x79/0x120\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? report_bug+0x17c/0x190\n ? handle_bug+0x3c/0x60\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? call_netdevice_notifiers_info+0x7c/0x80\n call_netdevice_notifiers+0x2e/0x50\n mlx5e_set_xdp_feature+0x21/0x50 [mlx5_core]\n mlx5e_nic_init+0xf1/0x1a0 [mlx5_core]\n mlx5e_netdev_init_profile+0x76/0x110 [mlx5_core]\n mlx5e_netdev_attach_profile+0x1f/0x90 [mlx5_core]\n mlx5e_netdev_change_profile+0x92/0x160 [mlx5_core]\n mlx5e_netdev_attach_nic_profile+0x1b/0x30 [mlx5_core]\n mlx5e_vport_rep_unload+0xaa/0xc0 [mlx5_core]\n __esw_offloads_unload_rep+0x52/0x60 [mlx5_core]\n mlx5_esw_offloads_rep_unload+0x52/0x70 [mlx5_core]\n esw_offloads_unload_rep+0x34/0x70 [mlx5_core]\n esw_offloads_disable+0x2b/0x90 [mlx5_core]\n mlx5_eswitch_disable_locked+0x1b9/0x210 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0xf5/0x630 [mlx5_core]\n ? devlink_get_from_attrs_lock+0x9e/0x110\n devlink_nl_cmd_eswitch_set_doit+0x60/0xe0\n genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n genl_rcv_msg+0x17d/0x2b0\n ? devlink_get_from_attrs_lock+0x110/0x110\n ? devlink_nl_cmd_eswitch_get_doit+0x290/0x290\n ? devlink_pernet_pre_exit+0xf0/0xf0\n ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1f6/0x2c0\n netlink_sendmsg+0x232/0x4a0\n sock_sendmsg+0x38/0x60\n ? _copy_from_user+0x2a/0x60\n __sys_sendto+0x110/0x160\n ? __count_memcg_events+0x48/0x90\n ? handle_mm_fault+0x161/0x260\n ? do_user_addr_fault+0x278/0x6e0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53632",
"url": "https://www.suse.com/security/cve/CVE-2023-53632"
},
{
"category": "external",
"summary": "SUSE Bug 1251269 for CVE-2023-53632",
"url": "https://bugzilla.suse.com/1251269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53632"
},
{
"cve": "CVE-2023-53633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix a leak in map_user_pages()\n\nIf get_user_pages_fast() allocates some pages but not as many as we\nwanted, then the current code leaks those pages. Call put_page() on\nthe pages before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53633",
"url": "https://www.suse.com/security/cve/CVE-2023-53633"
},
{
"category": "external",
"summary": "SUSE Bug 1251746 for CVE-2023-53633",
"url": "https://bugzilla.suse.com/1251746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53633"
},
{
"cve": "CVE-2023-53638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: cancel queued works in probe error path\n\nIf it fails to get the devices\u0027s MAC address, octep_probe exits while\nleaving the delayed work intr_poll_task queued. When the work later\nruns, it\u0027s a use after free.\n\nMove the cancelation of intr_poll_task from octep_remove into\noctep_device_cleanup. This does not change anything in the octep_remove\nflow, but octep_device_cleanup is called also in the octep_probe error\npath, where the cancelation is needed.\n\nNote that the cancelation of ctrl_mbox_task has to follow\nintr_poll_task\u0027s, because the ctrl_mbox_task may be queued by\nintr_poll_task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53638",
"url": "https://www.suse.com/security/cve/CVE-2023-53638"
},
{
"category": "external",
"summary": "SUSE Bug 1251328 for CVE-2023-53638",
"url": "https://bugzilla.suse.com/1251328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53638"
},
{
"cve": "CVE-2023-53645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53645"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make bpf_refcount_acquire fallible for non-owning refs\n\nThis patch fixes an incorrect assumption made in the original\nbpf_refcount series [0], specifically that the BPF program calling\nbpf_refcount_acquire on some node can always guarantee that the node is\nalive. In that series, the patch adding failure behavior to rbtree_add\nand list_push_{front, back} breaks this assumption for non-owning\nreferences.\n\nConsider the following program:\n\n n = bpf_kptr_xchg(\u0026mapval, NULL);\n /* skip error checking */\n\n bpf_spin_lock(\u0026l);\n if(bpf_rbtree_add(\u0026t, \u0026n-\u003erb, less)) {\n bpf_refcount_acquire(n);\n /* Failed to add, do something else with the node */\n }\n bpf_spin_unlock(\u0026l);\n\nIt\u0027s incorrect to assume that bpf_refcount_acquire will always succeed in this\nscenario. bpf_refcount_acquire is being called in a critical section\nhere, but the lock being held is associated with rbtree t, which isn\u0027t\nnecessarily the lock associated with the tree that the node is already\nin. So after bpf_rbtree_add fails to add the node and calls bpf_obj_drop\nin it, the program has no ownership of the node\u0027s lifetime. Therefore\nthe node\u0027s refcount can be decr\u0027d to 0 at any time after the failing\nrbtree_add. If this happens before the refcount_acquire above, the node\nmight be free\u0027d, and regardless refcount_acquire will be incrementing a\n0 refcount.\n\nLater patches in the series exercise this scenario, resulting in the\nexpected complaint from the kernel (without this patch\u0027s changes):\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 207 at lib/refcount.c:25 refcount_warn_saturate+0xbc/0x110\n Modules linked in: bpf_testmod(O)\n CPU: 1 PID: 207 Comm: test_progs Tainted: G O 6.3.0-rc7-02231-g723de1a718a2-dirty #371\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n RIP: 0010:refcount_warn_saturate+0xbc/0x110\n Code: 6f 64 f6 02 01 e8 84 a3 5c ff 0f 0b eb 9d 80 3d 5e 64 f6 02 00 75 94 48 c7 c7 e0 13 d2 82 c6 05 4e 64 f6 02 01 e8 64 a3 5c ff \u003c0f\u003e 0b e9 7a ff ff ff 80 3d 38 64 f6 02 00 0f 85 6d ff ff ff 48 c7\n RSP: 0018:ffff88810b9179b0 EFLAGS: 00010082\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000202 RSI: 0000000000000008 RDI: ffffffff857c3680\n RBP: ffff88810027d3c0 R08: ffffffff8125f2a4 R09: ffff88810b9176e7\n R10: ffffed1021722edc R11: 746e756f63666572 R12: ffff88810027d388\n R13: ffff88810027d3c0 R14: ffffc900005fe030 R15: ffffc900005fe048\n FS: 00007fee0584a700(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005634a96f6c58 CR3: 0000000108ce9002 CR4: 0000000000770ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n bpf_refcount_acquire_impl+0xb5/0xc0\n\n (rest of output snipped)\n\nThe patch addresses this by changing bpf_refcount_acquire_impl to use\nrefcount_inc_not_zero instead of refcount_inc and marking\nbpf_refcount_acquire KF_RET_NULL.\n\nFor owning references, though, we know the above scenario is not possible\nand thus that bpf_refcount_acquire will always succeed. Some verifier\nbookkeeping is added to track \"is input owning ref?\" for bpf_refcount_acquire\ncalls and return false from is_kfunc_ret_null for bpf_refcount_acquire on\nowning refs despite it being marked KF_RET_NULL.\n\nExisting selftests using bpf_refcount_acquire are modified where\nnecessary to NULL-check its return value.\n\n [0]: https://lore.kernel.org/bpf/20230415201811.343116-1-davemarchevsky@fb.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53645",
"url": "https://www.suse.com/security/cve/CVE-2023-53645"
},
{
"category": "external",
"summary": "SUSE Bug 1251321 for CVE-2023-53645",
"url": "https://bugzilla.suse.com/1251321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53645"
},
{
"cve": "CVE-2023-53646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/perf: add sentinel to xehp_oa_b_counters\n\nArrays passed to reg_in_range_table should end with empty record.\n\nThe patch solves KASAN detected bug with signature:\nBUG: KASAN: global-out-of-bounds in xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\nRead of size 4 at addr ffffffffa1555d90 by task perf/1518\n\nCPU: 4 PID: 1518 Comm: perf Tainted: G U 6.4.0-kasan_438-g3303d06107f3+ #1\nHardware name: Intel Corporation Meteor Lake Client Platform/MTL-P DDR5 SODIMM SBS RVP, BIOS MTLPFWI1.R00.3223.D80.2305311348 05/31/2023\nCall Trace:\n\u003cTASK\u003e\n...\nxehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\n\n(cherry picked from commit 2f42c5afb34b5696cf5fe79e744f99be9b218798)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53646",
"url": "https://www.suse.com/security/cve/CVE-2023-53646"
},
{
"category": "external",
"summary": "SUSE Bug 1251742 for CVE-2023-53646",
"url": "https://bugzilla.suse.com/1251742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53646"
},
{
"cve": "CVE-2023-53647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53647",
"url": "https://www.suse.com/security/cve/CVE-2023-53647"
},
{
"category": "external",
"summary": "SUSE Bug 1251732 for CVE-2023-53647",
"url": "https://bugzilla.suse.com/1251732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53647"
},
{
"cve": "CVE-2023-53648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53648",
"url": "https://www.suse.com/security/cve/CVE-2023-53648"
},
{
"category": "external",
"summary": "SUSE Bug 1251750 for CVE-2023-53648",
"url": "https://bugzilla.suse.com/1251750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53648"
},
{
"cve": "CVE-2023-53649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53649"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf trace: Really free the evsel-\u003epriv area\n\nIn 3cb4d5e00e037c70 (\"perf trace: Free syscall tp fields in\nevsel-\u003epriv\") it only was freeing if strcmp(evsel-\u003etp_format-\u003esystem,\n\"syscalls\") returned zero, while the corresponding initialization of\nevsel-\u003epriv was being performed if it was _not_ zero, i.e. if the tp\nsystem wasn\u0027t \u0027syscalls\u0027.\n\nJust stop looking for that and free it if evsel-\u003epriv was set, which\nshould be equivalent.\n\nAlso use the pre-existing evsel_trace__delete() function.\n\nThis resolves these leaks, detected with:\n\n $ make EXTRA_CFLAGS=\"-fsanitize=address\" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin\n\n =================================================================\n ==481565==ERROR: LeakSanitizer: detected memory leaks\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212\n #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205\n #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).\n [root@quaco ~]#\n\nWith this we plug all leaks with \"perf trace sleep 1\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53649",
"url": "https://www.suse.com/security/cve/CVE-2023-53649"
},
{
"category": "external",
"summary": "SUSE Bug 1251749 for CVE-2023-53649",
"url": "https://bugzilla.suse.com/1251749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53649"
},
{
"cve": "CVE-2023-53650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf \u0027mipid_detect()\u0027 fails, we must free \u0027md\u0027 to avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53650",
"url": "https://www.suse.com/security/cve/CVE-2023-53650"
},
{
"category": "external",
"summary": "SUSE Bug 1251283 for CVE-2023-53650",
"url": "https://bugzilla.suse.com/1251283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53650"
},
{
"cve": "CVE-2023-53652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add features attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa features attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53652",
"url": "https://www.suse.com/security/cve/CVE-2023-53652"
},
{
"category": "external",
"summary": "SUSE Bug 1251754 for CVE-2023-53652",
"url": "https://bugzilla.suse.com/1251754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53652"
},
{
"cve": "CVE-2023-53653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: fix REVERSE_INULL issues reported by coverity\n\nnull-checking of a pointor is suggested before dereferencing it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53653",
"url": "https://www.suse.com/security/cve/CVE-2023-53653"
},
{
"category": "external",
"summary": "SUSE Bug 1251755 for CVE-2023-53653",
"url": "https://bugzilla.suse.com/1251755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53653"
},
{
"cve": "CVE-2023-53654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53654",
"url": "https://www.suse.com/security/cve/CVE-2023-53654"
},
{
"category": "external",
"summary": "SUSE Bug 1251756 for CVE-2023-53654",
"url": "https://bugzilla.suse.com/1251756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53654"
},
{
"cve": "CVE-2023-53656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: Don\u0027t migrate perf to the CPU going to teardown\n\nThe driver needs to migrate the perf context if the current using CPU going\nto teardown. By the time calling the cpuhp::teardown() callback the\ncpu_online_mask() hasn\u0027t updated yet and still includes the CPU going to\nteardown. In current driver\u0027s implementation we may migrate the context\nto the teardown CPU and leads to the below calltrace:\n\n...\n[ 368.104662][ T932] task:cpuhp/0 state:D stack: 0 pid: 15 ppid: 2 flags:0x00000008\n[ 368.113699][ T932] Call trace:\n[ 368.116834][ T932] __switch_to+0x7c/0xbc\n[ 368.120924][ T932] __schedule+0x338/0x6f0\n[ 368.125098][ T932] schedule+0x50/0xe0\n[ 368.128926][ T932] schedule_preempt_disabled+0x18/0x24\n[ 368.134229][ T932] __mutex_lock.constprop.0+0x1d4/0x5dc\n[ 368.139617][ T932] __mutex_lock_slowpath+0x1c/0x30\n[ 368.144573][ T932] mutex_lock+0x50/0x60\n[ 368.148579][ T932] perf_pmu_migrate_context+0x84/0x2b0\n[ 368.153884][ T932] hisi_pcie_pmu_offline_cpu+0x90/0xe0 [hisi_pcie_pmu]\n[ 368.160579][ T932] cpuhp_invoke_callback+0x2a0/0x650\n[ 368.165707][ T932] cpuhp_thread_fun+0xe4/0x190\n[ 368.170316][ T932] smpboot_thread_fn+0x15c/0x1a0\n[ 368.175099][ T932] kthread+0x108/0x13c\n[ 368.179012][ T932] ret_from_fork+0x10/0x18\n...\n\nUse function cpumask_any_but() to find one correct active cpu to fixes\nthis issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53656",
"url": "https://www.suse.com/security/cve/CVE-2023-53656"
},
{
"category": "external",
"summary": "SUSE Bug 1251758 for CVE-2023-53656",
"url": "https://bugzilla.suse.com/1251758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53656"
},
{
"cve": "CVE-2023-53657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53657"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53657",
"url": "https://www.suse.com/security/cve/CVE-2023-53657"
},
{
"category": "external",
"summary": "SUSE Bug 1251319 for CVE-2023-53657",
"url": "https://bugzilla.suse.com/1251319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53657"
},
{
"cve": "CVE-2023-53658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm-qspi: return error if neither hif_mspi nor mspi is available\n\nIf neither a \"hif_mspi\" nor \"mspi\" resource is present, the driver will\njust early exit in probe but still return success. Apart from not doing\nanything meaningful, this would then also lead to a null pointer access\non removal, as platform_get_drvdata() would return NULL, which it would\nthen try to dereference when trying to unregister the spi master.\n\nFix this by unconditionally calling devm_ioremap_resource(), as it can\nhandle a NULL res and will then return a viable ERR_PTR() if we get one.\n\nThe \"return 0;\" was previously a \"goto qspi_resource_err;\" where then\nret was returned, but since ret was still initialized to 0 at this place\nthis was a valid conversion in 63c5395bb7a9 (\"spi: bcm-qspi: Fix\nuse-after-free on unbind\"). The issue was not introduced by this commit,\nonly made more obvious.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53658",
"url": "https://www.suse.com/security/cve/CVE-2023-53658"
},
{
"category": "external",
"summary": "SUSE Bug 1251759 for CVE-2023-53658",
"url": "https://bugzilla.suse.com/1251759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53658"
},
{
"cve": "CVE-2023-53659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix out-of-bounds when setting channels on remove\n\nIf we set channels greater during iavf_remove(), and waiting reset done\nwould be timeout, then returned with error but changed num_active_queues\ndirectly, that will lead to OOB like the following logs. Because the\nnum_active_queues is greater than tx/rx_rings[] allocated actually.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 3506.152887] iavf 0000:41:02.0: Removing device\n[ 3510.400799] ==================================================================\n[ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536\n[ 3510.400823]\n[ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 3510.400835] Call Trace:\n[ 3510.400851] dump_stack+0x71/0xab\n[ 3510.400860] print_address_description+0x6b/0x290\n[ 3510.400865] ? iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400868] kasan_report+0x14a/0x2b0\n[ 3510.400873] iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400880] iavf_remove+0x2b6/0xc70 [iavf]\n[ 3510.400884] ? iavf_free_all_rx_resources+0x160/0x160 [iavf]\n[ 3510.400891] ? wait_woken+0x1d0/0x1d0\n[ 3510.400895] ? notifier_call_chain+0xc1/0x130\n[ 3510.400903] pci_device_remove+0xa8/0x1f0\n[ 3510.400910] device_release_driver_internal+0x1c6/0x460\n[ 3510.400916] pci_stop_bus_device+0x101/0x150\n[ 3510.400919] pci_stop_and_remove_bus_device+0xe/0x20\n[ 3510.400924] pci_iov_remove_virtfn+0x187/0x420\n[ 3510.400927] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 3510.400929] ? pci_get_subsys+0x90/0x90\n[ 3510.400932] sriov_disable+0xed/0x3e0\n[ 3510.400936] ? bus_find_device+0x12d/0x1a0\n[ 3510.400953] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 3510.400966] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 3510.400968] ? pci_get_device+0x7c/0x90\n[ 3510.400970] ? pci_get_subsys+0x90/0x90\n[ 3510.400982] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 3510.400987] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.400996] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 3510.401001] sriov_numvfs_store+0x214/0x290\n[ 3510.401005] ? sriov_totalvfs_show+0x30/0x30\n[ 3510.401007] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.401011] ? __check_object_size+0x15a/0x350\n[ 3510.401018] kernfs_fop_write+0x280/0x3f0\n[ 3510.401022] vfs_write+0x145/0x440\n[ 3510.401025] ksys_write+0xab/0x160\n[ 3510.401028] ? __ia32_sys_read+0xb0/0xb0\n[ 3510.401031] ? fput_many+0x1a/0x120\n[ 3510.401032] ? filp_close+0xf0/0x130\n[ 3510.401038] do_syscall_64+0xa0/0x370\n[ 3510.401041] ? page_fault+0x8/0x30\n[ 3510.401043] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 3510.401073] RIP: 0033:0x7f3a9bb842c0\n[ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53659",
"url": "https://www.suse.com/security/cve/CVE-2023-53659"
},
{
"category": "external",
"summary": "SUSE Bug 1251247 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "external",
"summary": "SUSE Bug 1251248 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53659"
},
{
"cve": "CVE-2023-53660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Handle skb as well when clean up ptr_ring\n\nThe following warning was reported when running xdp_redirect_cpu with\nboth skb-mode and stress-mode enabled:\n\n ------------[ cut here ]------------\n Incorrect XDP memory type (-2128176192) usage\n WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405\n Modules linked in:\n CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events __cpu_map_entry_free\n RIP: 0010:__xdp_return+0x1e4/0x4a0\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ? __xdp_return+0x1e4/0x4a0\n ......\n xdp_return_frame+0x4d/0x150\n __cpu_map_entry_free+0xf9/0x230\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe reason for the warning is twofold. One is due to the kthread\ncpu_map_kthread_run() is stopped prematurely. Another one is\n__cpu_map_ring_cleanup() doesn\u0027t handle skb mode and treats skbs in\nptr_ring as XDP frames.\n\nPrematurely-stopped kthread will be fixed by the preceding patch and\nptr_ring will be empty when __cpu_map_ring_cleanup() is called. But\nas the comments in __cpu_map_ring_cleanup() said, handling and freeing\nskbs in ptr_ring as well to \"catch any broken behaviour gracefully\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53660",
"url": "https://www.suse.com/security/cve/CVE-2023-53660"
},
{
"category": "external",
"summary": "SUSE Bug 1251721 for CVE-2023-53660",
"url": "https://bugzilla.suse.com/1251721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53660"
},
{
"cve": "CVE-2023-53662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}\n\nIf the filename casefolding fails, we\u0027ll be leaking memory from the\nfscrypt_name struct, namely from the \u0027crypto_buf.name\u0027 member.\n\nMake sure we free it in the error path on both ext4_fname_setup_filename()\nand ext4_fname_prepare_lookup() functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53662",
"url": "https://www.suse.com/security/cve/CVE-2023-53662"
},
{
"category": "external",
"summary": "SUSE Bug 1251282 for CVE-2023-53662",
"url": "https://bugzilla.suse.com/1251282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53662"
},
{
"cve": "CVE-2023-53663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Check instead of asserting on nested TSC scaling support\n\nCheck for nested TSC scaling support on nested SVM VMRUN instead of\nasserting that TSC scaling is exposed to L1 if L1\u0027s MSR_AMD64_TSC_RATIO\nhas diverged from KVM\u0027s default. Userspace can trigger the WARN at will\nby writing the MSR and then updating guest CPUID to hide the feature\n(modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking\nKVM\u0027s state_test selftest to do\n\n\t\tvcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n\t\tvcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699\n nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]\n Call Trace:\n \u003cTASK\u003e\n enter_svm_guest_mode+0x114/0x560 [kvm_amd]\n nested_svm_vmrun+0x260/0x330 [kvm_amd]\n vmrun_interception+0x29/0x30 [kvm_amd]\n svm_invoke_exit_handler+0x35/0x100 [kvm_amd]\n svm_handle_exit+0xe7/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x45ca1b\n\nNote, the nested #VMEXIT path has the same flaw, but needs a different\nfix and will be handled separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53663",
"url": "https://www.suse.com/security/cve/CVE-2023-53663"
},
{
"category": "external",
"summary": "SUSE Bug 1251290 for CVE-2023-53663",
"url": "https://bugzilla.suse.com/1251290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53663"
},
{
"cve": "CVE-2023-53665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: don\u0027t dereference mddev after export_rdev()\n\nExcept for initial reference, mddev-\u003ekobject is referenced by\nrdev-\u003ekobject, and if the last rdev is freed, there is no guarantee that\nmddev is still valid. Hence mddev should not be used anymore after\nexport_rdev().\n\nThis problem can be triggered by following test for mdadm at very\nlow rate:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n pill -9 $pid\n echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap \u0027clean_up_test\u0027 EXIT\n\nadd_by_sysfs() {\n while true; do\n echo $devt \u003e /sys/block/md0/md/new_dev\n done\n}\n\nremove_by_sysfs(){\n while true; do\n echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\ngeneral protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bcb: 0000 [#4] PREEMPT SMP\nCPU: 0 PID: 1292 Comm: test Tainted: G D W 6.5.0-rc2-00121-g01e55c376936 #562\nRIP: 0010:md_wakeup_thread+0x9e/0x320 [md_mod]\nCall Trace:\n \u003cTASK\u003e\n mddev_unlock+0x1b6/0x310 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix this problem by don\u0027t dereference mddev after export_rdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53665",
"url": "https://www.suse.com/security/cve/CVE-2023-53665"
},
{
"category": "external",
"summary": "SUSE Bug 1251270 for CVE-2023-53665",
"url": "https://bugzilla.suse.com/1251270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53665"
},
{
"cve": "CVE-2023-53666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix missing mbhc init error handling\n\nMBHC initialisation can fail so add the missing error handling to avoid\ndereferencing an error pointer when later configuring the jack:\n\n Unable to handle kernel paging request at virtual address fffffffffffffff8\n\n pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n\n Call trace:\n wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]\n qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]\n sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]\n snd_soc_link_init+0x28/0x90 [snd_soc_core]\n snd_soc_bind_card+0x628/0xbfc [snd_soc_core]\n snd_soc_register_card+0xec/0x104 [snd_soc_core]\n devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]\n sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53666",
"url": "https://www.suse.com/security/cve/CVE-2023-53666"
},
{
"category": "external",
"summary": "SUSE Bug 1251760 for CVE-2023-53666",
"url": "https://bugzilla.suse.com/1251760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53666"
},
{
"cve": "CVE-2023-53668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix deadloop issue on reading trace_pipe\n\nSoft lockup occurs when reading file \u0027trace_pipe\u0027:\n\n watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]\n [...]\n RIP: 0010:ring_buffer_empty_cpu+0xed/0x170\n RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb\n RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218\n RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f\n R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901\n R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000\n [...]\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n __find_next_entry+0x1a8/0x4b0\n ? peek_next_entry+0x250/0x250\n ? down_write+0xa5/0x120\n ? down_write_killable+0x130/0x130\n trace_find_next_entry_inc+0x3b/0x1d0\n tracing_read_pipe+0x423/0xae0\n ? tracing_splice_read_pipe+0xcb0/0xcb0\n vfs_read+0x16b/0x490\n ksys_read+0x105/0x210\n ? __ia32_sys_pwrite64+0x200/0x200\n ? switch_fpu_return+0x108/0x220\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThrough the vmcore, I found it\u0027s because in tracing_read_pipe(),\nring_buffer_empty_cpu() found some buffer is not empty but then it\ncannot read anything due to \"rb_num_of_entries() == 0\" always true,\nThen it infinitely loop the procedure due to user buffer not been\nfilled, see following code path:\n\n tracing_read_pipe() {\n ... ...\n waitagain:\n tracing_wait_pipe() // 1. find non-empty buffer here\n trace_find_next_entry_inc() // 2. loop here try to find an entry\n __find_next_entry()\n ring_buffer_empty_cpu(); // 3. find non-empty buffer\n peek_next_entry() // 4. but peek always return NULL\n ring_buffer_peek()\n rb_buffer_peek()\n rb_get_reader_page()\n // 5. because rb_num_of_entries() == 0 always true here\n // then return NULL\n // 6. user buffer not been filled so goto \u0027waitgain\u0027\n // and eventually leads to an deadloop in kernel!!!\n }\n\nBy some analyzing, I found that when resetting ringbuffer, the \u0027entries\u0027\nof its pages are not all cleared (see rb_reset_cpu()). Then when reducing\nthe ringbuffer, and if some reduced pages exist dirty \u0027entries\u0027 data, they\nwill be added into \u0027cpu_buffer-\u003eoverrun\u0027 (see rb_remove_pages()), which\ncause wrong \u0027overrun\u0027 count and eventually cause the deadloop issue.\n\nTo fix it, we need to clear every pages in rb_reset_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53668",
"url": "https://www.suse.com/security/cve/CVE-2023-53668"
},
{
"category": "external",
"summary": "SUSE Bug 1251286 for CVE-2023-53668",
"url": "https://bugzilla.suse.com/1251286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53668"
},
{
"cve": "CVE-2023-53670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix dev_pm_qos memleak\n\nCall dev_pm_qos_hide_latency_tolerance() in the error unwind patch to\navoid following kmemleak:-\n\nblktests (master) # kmemleak-clear; ./check nvme/044;\nblktests (master) # kmemleak-scan ; kmemleak-show\nnvme/044 (Test bi-directional authentication) [passed]\n runtime 2.111s ... 2.124s\nunreferenced object 0xffff888110c46240 (size 96):\n comm \"nvme\", pid 33461, jiffies 4345365353 (age 75.586s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000069ac2cec\u003e] kmalloc_trace+0x25/0x90\n [\u003c000000006acc66d5\u003e] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100\n [\u003c00000000cc376ea7\u003e] nvme_init_ctrl+0x38e/0x410 [nvme_core]\n [\u003c000000007df61b4b\u003e] 0xffffffffc05e88b3\n [\u003c00000000d152b985\u003e] 0xffffffffc05744cb\n [\u003c00000000f04a4041\u003e] vfs_write+0xc5/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53670",
"url": "https://www.suse.com/security/cve/CVE-2023-53670"
},
{
"category": "external",
"summary": "SUSE Bug 1251762 for CVE-2023-53670",
"url": "https://bugzilla.suse.com/1251762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53670"
},
{
"cve": "CVE-2023-53672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: output extra debug info if we failed to find an inline backref\n\n[BUG]\nSyzbot reported several warning triggered inside\nlookup_inline_extent_backref().\n\n[CAUSE]\nAs usual, the reproducer doesn\u0027t reliably trigger locally here, but at\nleast we know the WARN_ON() is triggered when an inline backref can not\nbe found, and it can only be triggered when @insert is true. (I.e.\ninserting a new inline backref, which means the backref should already\nexist)\n\n[ENHANCEMENT]\nAfter the WARN_ON(), dump all the parameters and the extent tree\nleaf to help debug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53672",
"url": "https://www.suse.com/security/cve/CVE-2023-53672"
},
{
"category": "external",
"summary": "SUSE Bug 1251780 for CVE-2023-53672",
"url": "https://bugzilla.suse.com/1251780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53672"
},
{
"cve": "CVE-2023-53673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53673",
"url": "https://www.suse.com/security/cve/CVE-2023-53673"
},
{
"category": "external",
"summary": "SUSE Bug 1251763 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "external",
"summary": "SUSE Bug 1251983 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53673"
},
{
"cve": "CVE-2023-53674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix memory leak in devm_clk_notifier_register()\n\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn\u0027t register that to the device, so the notifier didn\u0027t\nget unregistered on device detach and the allocated resource was leaked.\n\nFix the issue by registering the resource through devres_add().\n\nThis issue was found with kmemleak on a Chromebook.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53674",
"url": "https://www.suse.com/security/cve/CVE-2023-53674"
},
{
"category": "external",
"summary": "SUSE Bug 1251764 for CVE-2023-53674",
"url": "https://bugzilla.suse.com/1251764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53674"
},
{
"cve": "CVE-2023-53681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split-\u003ebch_btree_node_alloc-\u003e__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53681",
"url": "https://www.suse.com/security/cve/CVE-2023-53681"
},
{
"category": "external",
"summary": "SUSE Bug 1251769 for CVE-2023-53681",
"url": "https://bugzilla.suse.com/1251769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53681"
},
{
"cve": "CVE-2023-53686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: fix null-ptr-deref in handshake_nl_done_doit()\n\nWe should not call trace_handshake_cmd_done_err() if socket lookup has failed.\n\nAlso we should call trace_handshake_cmd_done_err() before releasing the file,\notherwise dereferencing sock-\u003esk can return garbage.\n\nThis also reverts 7afc6d0a107f (\"net/handshake: Fix uninitialized local variable\")\n\nUnable to handle kernel paging request at virtual address dfff800000000003\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:\nESR = 0x0000000096000005\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nData abort info:\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000003] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\nlr : handshake_nl_done_doit+0x180/0x9c8\nsp : ffff800096e37180\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000\nCall trace:\nhandshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1078\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914\nsock_sendmsg_nosec net/socket.c:725 [inline]\nsock_sendmsg net/socket.c:748 [inline]\n____sys_sendmsg+0x56c/0x840 net/socket.c:2494\n___sys_sendmsg net/socket.c:2548 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2577\n__do_sys_sendmsg net/socket.c:2586 [inline]\n__se_sys_sendmsg net/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584\n__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\nel0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53686",
"url": "https://www.suse.com/security/cve/CVE-2023-53686"
},
{
"category": "external",
"summary": "SUSE Bug 1251771 for CVE-2023-53686",
"url": "https://bugzilla.suse.com/1251771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53686"
},
{
"cve": "CVE-2023-53687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53687",
"url": "https://www.suse.com/security/cve/CVE-2023-53687"
},
{
"category": "external",
"summary": "SUSE Bug 1251772 for CVE-2023-53687",
"url": "https://bugzilla.suse.com/1251772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53687"
},
{
"cve": "CVE-2023-53693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn\u0027t find an available UDC or it\u0027s busy\n[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53693",
"url": "https://www.suse.com/security/cve/CVE-2023-53693"
},
{
"category": "external",
"summary": "SUSE Bug 1252489 for CVE-2023-53693",
"url": "https://bugzilla.suse.com/1252489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53693"
},
{
"cve": "CVE-2023-53697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()\n\nMemory pointed by \u0027nd_pmu-\u003epmu.attr_groups\u0027 is allocated in function\n\u0027register_nvdimm_pmu\u0027 and is lost after \u0027kfree(nd_pmu)\u0027 call in function\n\u0027unregister_nvdimm_pmu\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53697",
"url": "https://www.suse.com/security/cve/CVE-2023-53697"
},
{
"category": "external",
"summary": "SUSE Bug 1252534 for CVE-2023-53697",
"url": "https://bugzilla.suse.com/1252534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53697"
},
{
"cve": "CVE-2023-53698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix refcount underflow in error path\n\nFix a refcount underflow problem reported by syzbot that can happen\nwhen a system is running out of memory. If xp_alloc_tx_descs() fails,\nand it can only fail due to not having enough memory, then the error\npath is triggered. In this error path, the refcount of the pool is\ndecremented as it has incremented before. However, the reference to\nthe pool in the socket was not nulled. This means that when the socket\nis closed later, the socket teardown logic will think that there is a\npool attached to the socket and try to decrease the refcount again,\nleading to a refcount underflow.\n\nI chose this fix as it involved adding just a single line. Another\noption would have been to move xp_get_pool() and the assignment of\nxs-\u003epool to after the if-statement and using xs_umem-\u003epool instead of\nxs-\u003epool in the whole if-statement resulting in somewhat simpler code,\nbut this would have led to much more churn in the code base perhaps\nmaking it harder to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53698",
"url": "https://www.suse.com/security/cve/CVE-2023-53698"
},
{
"category": "external",
"summary": "SUSE Bug 1252479 for CVE-2023-53698",
"url": "https://bugzilla.suse.com/1252479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53698"
},
{
"cve": "CVE-2023-53699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[ 0.000000] Oops [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] epc : __memcpy+0x60/0xf8\n[ 0.000000] ra : memblock_double_array+0x192/0x248\n[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000\n[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[ 0.000000] [\u003cfff\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53699",
"url": "https://www.suse.com/security/cve/CVE-2023-53699"
},
{
"category": "external",
"summary": "SUSE Bug 1252550 for CVE-2023-53699",
"url": "https://bugzilla.suse.com/1252550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53699"
},
{
"cve": "CVE-2023-53703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix for shift-out-of-bounds\n\nShift operation of \u0027exp\u0027 and \u0027shift\u0027 variables exceeds the maximum number\nof shift values in the u32 range leading to UBSAN shift-out-of-bounds.\n\n...\n[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50\n[ 6.120598] shift exponent 104 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10\n[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023\n[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]\n[ 6.120687] Call Trace:\n[ 6.120690] \u003cTASK\u003e\n[ 6.120694] dump_stack_lvl+0x48/0x70\n[ 6.120704] dump_stack+0x10/0x20\n[ 6.120707] ubsan_epilogue+0x9/0x40\n[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170\n[ 6.120720] ? psi_group_change+0x25f/0x4b0\n[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]\n[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]\n[ 6.120748] ? __schedule+0xba7/0x1b60\n[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]\n[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]\n[ 6.120772] process_one_work+0x229/0x430\n[ 6.120780] worker_thread+0x4a/0x3c0\n[ 6.120784] ? __pfx_worker_thread+0x10/0x10\n[ 6.120788] kthread+0xf7/0x130\n[ 6.120792] ? __pfx_kthread+0x10/0x10\n[ 6.120795] ret_from_fork+0x29/0x50\n[ 6.120804] \u003c/TASK\u003e\n...\n\nFix this by adding the condition to validate shift ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53703",
"url": "https://www.suse.com/security/cve/CVE-2023-53703"
},
{
"category": "external",
"summary": "SUSE Bug 1252553 for CVE-2023-53703",
"url": "https://bugzilla.suse.com/1252553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53703"
},
{
"cve": "CVE-2023-53704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()\n\nReplace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()\nwhich can automatically release the related memory when the device\nor driver is removed or unloaded to avoid potential memory leak.\n\nIn this case, iounmap(anatop_base) in line 427,433 are removed\nas manual release is not required.\n\nBesides, referring to clk-imx8mq.c, check the return code of\nof_clk_add_hw_provider, if it returns negtive, print error info\nand unregister hws, which makes the program more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53704",
"url": "https://www.suse.com/security/cve/CVE-2023-53704"
},
{
"category": "external",
"summary": "SUSE Bug 1252490 for CVE-2023-53704",
"url": "https://bugzilla.suse.com/1252490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53704"
},
{
"cve": "CVE-2023-53707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53707",
"url": "https://www.suse.com/security/cve/CVE-2023-53707"
},
{
"category": "external",
"summary": "SUSE Bug 1252632 for CVE-2023-53707",
"url": "https://bugzilla.suse.com/1252632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects\n\nIf a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`\nobjects while evaluating the AMD LPS0 _DSM, there will be a memory\nleak. Explicitly guard against this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53708",
"url": "https://www.suse.com/security/cve/CVE-2023-53708"
},
{
"category": "external",
"summary": "SUSE Bug 1252537 for CVE-2023-53708",
"url": "https://bugzilla.suse.com/1252537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53708"
},
{
"cve": "CVE-2023-53711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential data corruption\n\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53711",
"url": "https://www.suse.com/security/cve/CVE-2023-53711"
},
{
"category": "external",
"summary": "SUSE Bug 1252536 for CVE-2023-53711",
"url": "https://bugzilla.suse.com/1252536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53711"
},
{
"cve": "CVE-2023-53713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: sme: Use STR P to clear FFR context field in streaming SVE mode\n\nThe FFR is a predicate register which can vary between 16 and 256 bits\nin size depending upon the configured vector length. When saving the\nSVE state in streaming SVE mode, the FFR register is inaccessible and\nso commit 9f5848665788 (\"arm64/sve: Make access to FFR optional\") simply\nclears the FFR field of the in-memory context structure. Unfortunately,\nit achieves this using an unconditional 8-byte store and so if the SME\nvector length is anything other than 64 bytes in size we will either\nfail to clear the entire field or, worse, we will corrupt memory\nimmediately following the structure. This has led to intermittent kfence\nsplats in CI [1] and can trigger kmalloc Redzone corruption messages\nwhen running the \u0027fp-stress\u0027 kselftest:\n\n | =============================================================================\n | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten\n | -----------------------------------------------------------------------------\n |\n | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc\n | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531\n | __kmalloc+0x8c/0xcc\n | do_sme_acc+0x9c/0x220\n | ...\n\nReplace the 8-byte store with a store of a predicate register which has\nbeen zero-initialised with PFALSE, ensuring that the entire field is\ncleared in memory.\n\n[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53713",
"url": "https://www.suse.com/security/cve/CVE-2023-53713"
},
{
"category": "external",
"summary": "SUSE Bug 1252559 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "external",
"summary": "SUSE Bug 1253760 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1253760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53713"
},
{
"cve": "CVE-2023-53718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53718",
"url": "https://www.suse.com/security/cve/CVE-2023-53718"
},
{
"category": "external",
"summary": "SUSE Bug 1252564 for CVE-2023-53718",
"url": "https://bugzilla.suse.com/1252564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53721",
"url": "https://www.suse.com/security/cve/CVE-2023-53721"
},
{
"category": "external",
"summary": "SUSE Bug 1252561 for CVE-2023-53721",
"url": "https://bugzilla.suse.com/1252561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53721"
},
{
"cve": "CVE-2023-53722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53722",
"url": "https://www.suse.com/security/cve/CVE-2023-53722"
},
{
"category": "external",
"summary": "SUSE Bug 1252499 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "external",
"summary": "SUSE Bug 1252500 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe\n\nSmatch reports:\ndrivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()\nwarn: \u0027timer_baseaddr\u0027 from of_iomap() not released on lines: 498,508,516.\n\ntimer_baseaddr may have the problem of not being released after use,\nI replaced it with the devm_of_iomap() function and added the clk_put()\nfunction to cleanup the \"clk_ce\" and \"clk_cs\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53725",
"url": "https://www.suse.com/security/cve/CVE-2023-53725"
},
{
"category": "external",
"summary": "SUSE Bug 1252492 for CVE-2023-53725",
"url": "https://bugzilla.suse.com/1252492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53725"
},
{
"cve": "CVE-2023-53726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: csum: Fix OoB access in IP checksum code for negative lengths\n\nAlthough commit c2c24edb1d9c (\"arm64: csum: Fix pathological zero-length\ncalls\") added an early return for zero-length input, syzkaller has\npopped up with an example of a _negative_ length which causes an\nundefined shift and an out-of-bounds read:\n\n | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975\n |\n | CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\n | Call trace:\n | dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233\n | show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240\n | __dump_stack lib/dump_stack.c:88 [inline]\n | dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n | print_address_description mm/kasan/report.c:351 [inline]\n | print_report+0x174/0x514 mm/kasan/report.c:462\n | kasan_report+0xd4/0x130 mm/kasan/report.c:572\n | kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187\n | __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31\n | do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | csum_partial+0x30/0x58 lib/checksum.c:128\n | gso_make_checksum include/linux/skbuff.h:4928 [inline]\n | __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332\n | udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47\n | ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119\n | skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141\n | __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401\n | skb_gso_segment include/linux/netdevice.h:4859 [inline]\n | validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659\n | validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709\n | sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327\n | __dev_xmit_skb net/core/dev.c:3805 [inline]\n | __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210\n | dev_queue_xmit include/linux/netdevice.h:3085 [inline]\n | packet_xmit+0x6c/0x318 net/packet/af_packet.c:276\n | packet_snd net/packet/af_packet.c:3081 [inline]\n | packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113\n | sock_sendmsg_nosec net/socket.c:724 [inline]\n | sock_sendmsg net/socket.c:747 [inline]\n | __sys_sendto+0x3b4/0x538 net/socket.c:2144\n\nExtend the early return to reject negative lengths as well, aligning our\nimplementation with the generic code in lib/checksum.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53726",
"url": "https://www.suse.com/security/cve/CVE-2023-53726"
},
{
"category": "external",
"summary": "SUSE Bug 1252565 for CVE-2023-53726",
"url": "https://bugzilla.suse.com/1252565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53726"
},
{
"cve": "CVE-2023-53727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 \u003ca9\u003e 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53727",
"url": "https://www.suse.com/security/cve/CVE-2023-53727"
},
{
"category": "external",
"summary": "SUSE Bug 1252566 for CVE-2023-53727",
"url": "https://bugzilla.suse.com/1252566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53727"
},
{
"cve": "CVE-2023-53728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Ensure timer ID search-loop limit is valid\n\nposix_timer_add() tries to allocate a posix timer ID by starting from the\ncached ID which was stored by the last successful allocation.\n\nThis is done in a loop searching the ID space for a free slot one by\none. The loop has to terminate when the search wrapped around to the\nstarting point.\n\nBut that\u0027s racy vs. establishing the starting point. That is read out\nlockless, which leads to the following problem:\n\nCPU0\t \t \t \t CPU1\nposix_timer_add()\n start = sig-\u003eposix_timer_id;\n lock(hash_lock);\n ...\t\t\t\t posix_timer_add()\n if (++sig-\u003eposix_timer_id \u003c 0)\n \t\t\t start = sig-\u003eposix_timer_id;\n sig-\u003eposix_timer_id = 0;\n\nSo CPU1 can observe a negative start value, i.e. -1, and the loop break\nnever happens because the condition can never be true:\n\n if (sig-\u003eposix_timer_id == start)\n break;\n\nWhile this is unlikely to ever turn into an endless loop as the ID space is\nhuge (INT_MAX), the racy read of the start value caught the attention of\nKCSAN and Dmitry unearthed that incorrectness.\n\nRewrite it so that all id operations are under the hash lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53728",
"url": "https://www.suse.com/security/cve/CVE-2023-53728"
},
{
"category": "external",
"summary": "SUSE Bug 1252668 for CVE-2023-53728",
"url": "https://bugzilla.suse.com/1252668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53728"
},
{
"cve": "CVE-2023-53729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccount for null terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 length, this will cause an out of bounds access\nwhen the NULL character is appended in decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53729",
"url": "https://www.suse.com/security/cve/CVE-2023-53729"
},
{
"category": "external",
"summary": "SUSE Bug 1252496 for CVE-2023-53729",
"url": "https://bugzilla.suse.com/1252496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53729"
},
{
"cve": "CVE-2023-53730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\n\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\n\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n\n ================================\n WARNING: inconsistent lock state\n 5.10.0-02758-g8e5f91fd772f #26 Not tainted\n --------------------------------\n inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n {IN-HARDIRQ-W} state was registered at:\n __lock_acquire+0x3d7/0x1070\n lock_acquire+0x197/0x4a0\n __raw_spin_lock_irqsave\n _raw_spin_lock_irqsave+0x3b/0x60\n bfq_idle_slice_timer_body\n bfq_idle_slice_timer+0x53/0x1d0\n __run_hrtimer+0x477/0xa70\n __hrtimer_run_queues+0x1c6/0x2d0\n hrtimer_interrupt+0x302/0x9e0\n local_apic_timer_interrupt\n __sysvec_apic_timer_interrupt+0xfd/0x420\n run_sysvec_on_irqstack_cond\n sysvec_apic_timer_interrupt+0x46/0xa0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n irq event stamp: 837522\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] __raw_spin_unlock_irqrestore\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] _raw_spin_unlock_irqrestore+0x3d/0x40\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] __raw_spin_lock_irq\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] _raw_spin_lock_irq+0x43/0x50\n softirqs last enabled at (835852): [\u003cffffffff84e00558\u003e] __do_softirq+0x558/0x8ec\n softirqs last disabled at (835845): [\u003cffffffff84c010ff\u003e] asm_call_irq_on_stack+0xf/0x20\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026bfqd-\u003elock);\n \u003cInterrupt\u003e\n lock(\u0026bfqd-\u003elock);\n\n *** DEADLOCK ***\n\n 3 locks held by kworker/2:3/388:\n #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n #1: ffff8881176bfdd8 ((work_completion)(\u0026td-\u003edispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n\n stack backtrace:\n CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Workqueue: kthrotld blk_throtl_dispatch_work_fn\n Call Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167\n print_usage_bug\n valid_state\n mark_lock_irq.cold+0x32/0x3a\n mark_lock+0x693/0xbc0\n mark_held_locks+0x9e/0xe0\n __trace_hardirqs_on_caller\n lockdep_hardirqs_on_prepare.part.0+0x151/0x360\n trace_hardirqs_on+0x5b/0x180\n __raw_spin_unlock_irq\n _raw_spin_unlock_irq+0x24/0x40\n spin_unlock_irq\n adjust_inuse_and_calc_cost+0x4fb/0x970\n ioc_rqos_merge+0x277/0x740\n __rq_qos_merge+0x62/0xb0\n rq_qos_merge\n bio_attempt_back_merge+0x12c/0x4a0\n blk_mq_sched_try_merge+0x1b6/0x4d0\n bfq_bio_merge+0x24a/0x390\n __blk_mq_sched_bio_merge+0xa6/0x460\n blk_mq_sched_bio_merge\n blk_mq_submit_bio+0x2e7/0x1ee0\n __submit_bio_noacct_mq+0x175/0x3b0\n submit_bio_noacct+0x1fb/0x270\n blk_throtl_dispatch_work_fn+0x1ef/0x2b0\n process_one_work+0x83e/0x13f0\n process_scheduled_works\n worker_thread+0x7e3/0xd80\n kthread+0x353/0x470\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53730",
"url": "https://www.suse.com/security/cve/CVE-2023-53730"
},
{
"category": "external",
"summary": "SUSE Bug 1252495 for CVE-2023-53730",
"url": "https://bugzilla.suse.com/1252495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53730"
},
{
"cve": "CVE-2023-53731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nl_table_lock);\n local_irq_disable();\n lock(\u0026local-\u003equeue_stop_reason_lock);\n lock(nl_table_lock);\n \u003cInterrupt\u003e\n lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53731",
"url": "https://www.suse.com/security/cve/CVE-2023-53731"
},
{
"category": "external",
"summary": "SUSE Bug 1252481 for CVE-2023-53731",
"url": "https://bugzilla.suse.com/1252481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-53731"
},
{
"cve": "CVE-2023-53733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53733",
"url": "https://www.suse.com/security/cve/CVE-2023-53733"
},
{
"category": "external",
"summary": "SUSE Bug 1252685 for CVE-2023-53733",
"url": "https://bugzilla.suse.com/1252685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2023-53733"
},
{
"cve": "CVE-2024-26584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26584"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: handle backlogging of crypto requests\n\nSince we\u0027re setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our\nrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return\n -EBUSY instead of -EINPROGRESS in valid situations. For example, when\nthe cryptd queue for AESNI is full (easy to trigger with an\nartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued\nto the backlog but still processed. In that case, the async callback\nwill also be called twice: first with err == -EINPROGRESS, which it\nseems we can just ignore, then with err == 0.\n\nCompared to Sabrina\u0027s original patch this version uses the new\ntls_*crypt_async_wait() helpers and converts the EBUSY to\nEINPROGRESS to avoid having to modify all the error handling\npaths. The handling is identical.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26584",
"url": "https://www.suse.com/security/cve/CVE-2024-26584"
},
{
"category": "external",
"summary": "SUSE Bug 1220186 for CVE-2024-26584",
"url": "https://bugzilla.suse.com/1220186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2024-26584"
},
{
"cve": "CVE-2024-58240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: separate no-async decryption request handling from async\n\nIf we\u0027re not doing async, the handling is much simpler. There\u0027s no\nreference counting, we just need to wait for the completion to wake us\nup and return its result.\n\nWe should preferably also use a separate crypto_wait. I\u0027m not seeing a\nUAF as I did in the past, I think aec7961916f3 (\"tls: fix race between\nasync notify and socket close\") took care of it.\n\nThis will make the next fix easier.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58240",
"url": "https://www.suse.com/security/cve/CVE-2024-58240"
},
{
"category": "external",
"summary": "SUSE Bug 1248847 for CVE-2024-58240",
"url": "https://bugzilla.suse.com/1248847"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2024-58240"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38465"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix wraparounds of sk-\u003esk_rmem_alloc.\n\nNetlink has this pattern in some places\n\n if (atomic_read(\u0026sk-\u003esk_rmem_alloc) \u003e sk-\u003esk_rcvbuf)\n \tatomic_add(skb-\u003etruesize, \u0026sk-\u003esk_rmem_alloc);\n\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk-\u003esk_rmem_alloc.\").\n\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\n\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk-\u003esk_rmem_alloc.\n\nLet\u0027s fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\n\nBefore:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n -1668710080 0 rtnl:nl_wraparound/293 *\n\nAfter:\n [root@fedora ~]# ss -f netlink\n Recv-Q Send-Q Local Address:Port Peer Address:Port\n 2147483072 0 rtnl:nl_wraparound/290 *\n ^\n `--- INT_MAX - 576",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38465",
"url": "https://www.suse.com/security/cve/CVE-2025-38465"
},
{
"category": "external",
"summary": "SUSE Bug 1247118 for CVE-2025-38465",
"url": "https://bugzilla.suse.com/1247118"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38465"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\"). Followed by AI Viro\u0027s suggestion, fix it in same\nmanner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38653",
"url": "https://www.suse.com/security/cve/CVE-2025-38653"
},
{
"category": "external",
"summary": "SUSE Bug 1248630 for CVE-2025-38653",
"url": "https://bugzilla.suse.com/1248630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38680"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()\n\nThe buffer length check before calling uvc_parse_format() only ensured\nthat the buffer has at least 3 bytes (buflen \u003e 2), buf the function\naccesses buffer[3], requiring at least 4 bytes.\n\nThis can lead to an out-of-bounds read if the buffer has exactly 3 bytes.\n\nFix it by checking that the buffer has at least 4 bytes in\nuvc_parse_format().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38680",
"url": "https://www.suse.com/security/cve/CVE-2025-38680"
},
{
"category": "external",
"summary": "SUSE Bug 1249203 for CVE-2025-38680",
"url": "https://bugzilla.suse.com/1249203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38680"
},
{
"cve": "CVE-2025-38681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()\n\nMemory hot remove unmaps and tears down various kernel page table regions\nas required. The ptdump code can race with concurrent modifications of\nthe kernel page tables. When leaf entries are modified concurrently, the\ndump code may log stale or inconsistent information for a VA range, but\nthis is otherwise not harmful.\n\nBut when intermediate levels of kernel page table are freed, the dump code\nwill continue to use memory that has been freed and potentially\nreallocated for another purpose. In such cases, the ptdump code may\ndereference bogus addresses, leading to a number of potential problems.\n\nTo avoid the above mentioned race condition, platforms such as arm64,\nriscv and s390 take memory hotplug lock, while dumping kernel page table\nvia the sysfs interface /sys/kernel/debug/kernel_page_tables.\n\nSimilar race condition exists while checking for pages that might have\nbeen marked W+X via /sys/kernel/debug/kernel_page_tables/check_wx_pages\nwhich in turn calls ptdump_check_wx(). Instead of solving this race\ncondition again, let\u0027s just move the memory hotplug lock inside generic\nptdump_check_wx() which will benefit both the scenarios.\n\nDrop get_online_mems() and put_online_mems() combination from all existing\nplatform ptdump code paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38681",
"url": "https://www.suse.com/security/cve/CVE-2025-38681"
},
{
"category": "external",
"summary": "SUSE Bug 1249204 for CVE-2025-38681",
"url": "https://bugzilla.suse.com/1249204"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38681"
},
{
"cve": "CVE-2025-38683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix panic during namespace deletion with VF\n\nThe existing code move the VF NIC to new namespace when NETDEV_REGISTER is\nreceived on netvsc NIC. During deletion of the namespace,\ndefault_device_exit_batch() \u003e\u003e default_device_exit_net() is called. When\nnetvsc NIC is moved back and registered to the default namespace, it\nautomatically brings VF NIC back to the default namespace. This will cause\nthe default_device_exit_net() \u003e\u003e for_each_netdev_safe loop unable to detect\nthe list end, and hit NULL ptr:\n\n[ 231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0\n[ 231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010\n[ 231.450246] #PF: supervisor read access in kernel mode\n[ 231.450579] #PF: error_code(0x0000) - not-present page\n[ 231.450916] PGD 17b8a8067 P4D 0\n[ 231.451163] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY\n[ 231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024\n[ 231.452692] Workqueue: netns cleanup_net\n[ 231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0\n[ 231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 \u003c48\u003e 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00\n[ 231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246\n[ 231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb\n[ 231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564\n[ 231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000\n[ 231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340\n[ 231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340\n[ 231.457161] FS: 0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000\n[ 231.457707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0\n[ 231.458434] Call Trace:\n[ 231.458600] \u003cTASK\u003e\n[ 231.458777] ops_undo_list+0x100/0x220\n[ 231.459015] cleanup_net+0x1b8/0x300\n[ 231.459285] process_one_work+0x184/0x340\n\nTo fix it, move the ns change to a workqueue, and take rtnl_lock to avoid\nchanging the netdev list when default_device_exit_net() is using it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38683",
"url": "https://www.suse.com/security/cve/CVE-2025-38683"
},
{
"category": "external",
"summary": "SUSE Bug 1249159 for CVE-2025-38683",
"url": "https://bugzilla.suse.com/1249159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38683"
},
{
"cve": "CVE-2025-38685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix vmalloc out-of-bounds write in fast_imageblit\n\nThis issue triggers when a userspace program does an ioctl\nFBIOPUT_CON2FBMAP by passing console number and frame buffer number.\nIdeally this maps console to frame buffer and updates the screen if\nconsole is visible.\n\nAs part of mapping it has to do resize of console according to frame\nbuffer info. if this resize fails and returns from vc_do_resize() and\ncontinues further. At this point console and new frame buffer are mapped\nand sets display vars. Despite failure still it continue to proceed\nupdating the screen at later stages where vc_data is related to previous\nframe buffer and frame buffer info and display vars are mapped to new\nframe buffer and eventully leading to out-of-bounds write in\nfast_imageblit(). This bheviour is excepted only when fg_console is\nequal to requested console which is a visible console and updates screen\nwith invalid struct references in fbcon_putcs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38685",
"url": "https://www.suse.com/security/cve/CVE-2025-38685"
},
{
"category": "external",
"summary": "SUSE Bug 1249220 for CVE-2025-38685",
"url": "https://bugzilla.suse.com/1249220"
},
{
"category": "external",
"summary": "SUSE Bug 1249240 for CVE-2025-38685",
"url": "https://bugzilla.suse.com/1249240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-38685"
},
{
"cve": "CVE-2025-38687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: fix race between polling and detaching\n\nsyzbot reports a use-after-free in comedi in the below link, which is\ndue to comedi gladly removing the allocated async area even though poll\nrequests are still active on the wait_queue_head inside of it. This can\ncause a use-after-free when the poll entries are later triggered or\nremoved, as the memory for the wait_queue_head has been freed. We need\nto check there are no tasks queued on any of the subdevices\u0027 wait queues\nbefore allowing the device to be detached by the `COMEDI_DEVCONFIG`\nioctl.\n\nTasks will read-lock `dev-\u003eattach_lock` before adding themselves to the\nsubdevice wait queue, so fix the problem in the `COMEDI_DEVCONFIG` ioctl\nhandler by write-locking `dev-\u003eattach_lock` before checking that all of\nthe subdevices are safe to be deleted. This includes testing for any\nsleepers on the subdevices\u0027 wait queues. It remains locked until the\ndevice has been detached. This requires the `comedi_device_detach()`\nfunction to be refactored slightly, moving the bulk of it into new\nfunction `comedi_device_detach_locked()`.\n\nNote that the refactor of `comedi_device_detach()` results in\n`comedi_device_cancel_all()` now being called while `dev-\u003eattach_lock`\nis write-locked, which wasn\u0027t the case previously, but that does not\nmatter.\n\nThanks to Jens Axboe for diagnosing the problem and co-developing this\npatch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38687",
"url": "https://www.suse.com/security/cve/CVE-2025-38687"
},
{
"category": "external",
"summary": "SUSE Bug 1249177 for CVE-2025-38687",
"url": "https://bugzilla.suse.com/1249177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38687"
},
{
"cve": "CVE-2025-38691",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38691"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npNFS: Fix uninited ptr deref in block/scsi layout\n\nThe error occurs on the third attempt to encode extents. When function\next_tree_prepare_commit() reallocates a larger buffer to retry encoding\nextents, the \"layoutupdate_pages\" page array is initialized only after the\nretry loop. But ext_tree_free_commitdata() is called on every iteration\nand tries to put pages in the array, thus dereferencing uninitialized\npointers.\n\nAn additional problem is that there is no limit on the maximum possible\nbuffer_size. When there are too many extents, the client may create a\nlayoutcommit that is larger than the maximum possible RPC size accepted\nby the server.\n\nDuring testing, we observed two typical scenarios. First, one memory page\nfor extents is enough when we work with small files, append data to the\nend of the file, or preallocate extents before writing. But when we fill\na new large file without preallocating, the number of extents can be huge,\nand counting the number of written extents in ext_tree_encode_commit()\ndoes not help much. Since this number increases even more between\nunlocking and locking of ext_tree, the reallocated buffer may not be\nlarge enough again and again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38691",
"url": "https://www.suse.com/security/cve/CVE-2025-38691"
},
{
"category": "external",
"summary": "SUSE Bug 1249215 for CVE-2025-38691",
"url": "https://bugzilla.suse.com/1249215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38691"
},
{
"cve": "CVE-2025-38692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38692"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: add cluster chain loop check for dir\n\nAn infinite loop may occur if the following conditions occur due to\nfile system corruption.\n\n(1) Condition for exfat_count_dir_entries() to loop infinitely.\n - The cluster chain includes a loop.\n - There is no UNUSED entry in the cluster chain.\n\n(2) Condition for exfat_create_upcase_table() to loop infinitely.\n - The cluster chain of the root directory includes a loop.\n - There are no UNUSED entry and up-case table entry in the cluster\n chain of the root directory.\n\n(3) Condition for exfat_load_bitmap() to loop infinitely.\n - The cluster chain of the root directory includes a loop.\n - There are no UNUSED entry and bitmap entry in the cluster chain\n of the root directory.\n\n(4) Condition for exfat_find_dir_entry() to loop infinitely.\n - The cluster chain includes a loop.\n - The unused directory entries were exhausted by some operation.\n\n(5) Condition for exfat_check_dir_empty() to loop infinitely.\n - The cluster chain includes a loop.\n - The unused directory entries were exhausted by some operation.\n - All files and sub-directories under the directory are deleted.\n\nThis commit adds checks to break the above infinite loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38692",
"url": "https://www.suse.com/security/cve/CVE-2025-38692"
},
{
"category": "external",
"summary": "SUSE Bug 1249221 for CVE-2025-38692",
"url": "https://bugzilla.suse.com/1249221"
},
{
"category": "external",
"summary": "SUSE Bug 1249239 for CVE-2025-38692",
"url": "https://bugzilla.suse.com/1249239"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38692"
},
{
"cve": "CVE-2025-38693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar\n\nIn w7090p_tuner_write_serpar, msg is controlled by user. When msg[0].buf is null and msg[0].len is zero, former checks on msg[0].buf would be passed. If accessing msg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash.\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38693",
"url": "https://www.suse.com/security/cve/CVE-2025-38693"
},
{
"category": "external",
"summary": "SUSE Bug 1249190 for CVE-2025-38693",
"url": "https://bugzilla.suse.com/1249190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38693"
},
{
"cve": "CVE-2025-38694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()\n\nIn dib7090p_rw_on_apb, msg is controlled by user. When msg[0].buf is null and\nmsg[0].len is zero, former checks on msg[0].buf would be passed. If accessing\nmsg[0].buf[2] without sanity check, null pointer deref would happen. We add\ncheck on msg[0].len to prevent crash. Similar issue occurs when access\nmsg[1].buf[0] and msg[1].buf[1].\n\nSimilar commit: commit 0ed554fd769a (\"media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38694",
"url": "https://www.suse.com/security/cve/CVE-2025-38694"
},
{
"category": "external",
"summary": "SUSE Bug 1249272 for CVE-2025-38694",
"url": "https://bugzilla.suse.com/1249272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38694"
},
{
"cve": "CVE-2025-38695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38695"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure\n\nIf a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the\nresultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may\noccur before sli4_hba.hdwqs are allocated. This may result in a null\npointer dereference when attempting to take the abts_io_buf_list_lock for\nthe first hardware queue. Fix by adding a null ptr check on\nphba-\u003esli4_hba.hdwq and early return because this situation means there\nmust have been an error during port initialization.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38695",
"url": "https://www.suse.com/security/cve/CVE-2025-38695"
},
{
"category": "external",
"summary": "SUSE Bug 1249285 for CVE-2025-38695",
"url": "https://bugzilla.suse.com/1249285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38695"
},
{
"cve": "CVE-2025-38697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: upper bound check of tree index in dbAllocAG\n\nWhen computing the tree index in dbAllocAG, we never check if we are\nout of bounds realative to the size of the stree.\nThis could happen in a scenario where the filesystem metadata are\ncorrupted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38697",
"url": "https://www.suse.com/security/cve/CVE-2025-38697"
},
{
"category": "external",
"summary": "SUSE Bug 1249257 for CVE-2025-38697",
"url": "https://bugzilla.suse.com/1249257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-38697"
},
{
"cve": "CVE-2025-38698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: Regular file corruption check\n\nThe reproducer builds a corrupted file on disk with a negative i_size value.\nAdd a check when opening this file to avoid subsequent operation failures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38698",
"url": "https://www.suse.com/security/cve/CVE-2025-38698"
},
{
"category": "external",
"summary": "SUSE Bug 1249255 for CVE-2025-38698",
"url": "https://bugzilla.suse.com/1249255"
},
{
"category": "external",
"summary": "SUSE Bug 1253014 for CVE-2025-38698",
"url": "https://bugzilla.suse.com/1253014"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-38698"
},
{
"cve": "CVE-2025-38699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38699",
"url": "https://www.suse.com/security/cve/CVE-2025-38699"
},
{
"category": "external",
"summary": "SUSE Bug 1249224 for CVE-2025-38699",
"url": "https://bugzilla.suse.com/1249224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38699"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1. Unregistration creates NULL gaps in registered_fb[]\n2. All array slots become occupied despite num_registered_fb \u003c FB_MAX\n3. The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38702",
"url": "https://www.suse.com/security/cve/CVE-2025-38702"
},
{
"category": "external",
"summary": "SUSE Bug 1249254 for CVE-2025-38702",
"url": "https://bugzilla.suse.com/1249254"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38702"
},
{
"cve": "CVE-2025-38706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()\n\nsnd_soc_remove_pcm_runtime() might be called with rtd == NULL which will\nleads to null pointer dereference.\nThis was reproduced with topology loading and marking a link as ignore\ndue to missing hardware component on the system.\nOn module removal the soc_tplg_remove_link() would call\nsnd_soc_remove_pcm_runtime() with rtd == NULL since the link was ignored,\nno runtime was created.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38706",
"url": "https://www.suse.com/security/cve/CVE-2025-38706"
},
{
"category": "external",
"summary": "SUSE Bug 1249195 for CVE-2025-38706",
"url": "https://bugzilla.suse.com/1249195"
},
{
"category": "external",
"summary": "SUSE Bug 1250193 for CVE-2025-38706",
"url": "https://bugzilla.suse.com/1250193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38706"
},
{
"cve": "CVE-2025-38712",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38712"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t use BUG_ON() in hfsplus_create_attributes_file()\n\nWhen the volume header contains erroneous values that do not reflect\nthe actual state of the filesystem, hfsplus_fill_super() assumes that\nthe attributes file is not yet created, which later results in hitting\nBUG_ON() when hfsplus_create_attributes_file() is called. Replace this\nBUG_ON() with -EIO error with a message to suggest running fsck tool.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38712",
"url": "https://www.suse.com/security/cve/CVE-2025-38712"
},
{
"category": "external",
"summary": "SUSE Bug 1249194 for CVE-2025-38712",
"url": "https://bugzilla.suse.com/1249194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38712"
},
{
"cve": "CVE-2025-38713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nThe hfsplus_readdir() method is capable to crash by calling\nhfsplus_uni2asc():\n\n[ 667.121659][ T9805] ==================================================================\n[ 667.122651][ T9805] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x902/0xa10\n[ 667.123627][ T9805] Read of size 2 at addr ffff88802592f40c by task repro/9805\n[ 667.124578][ T9805]\n[ 667.124876][ T9805] CPU: 3 UID: 0 PID: 9805 Comm: repro Not tainted 6.16.0-rc3 #1 PREEMPT(full)\n[ 667.124886][ T9805] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 667.124890][ T9805] Call Trace:\n[ 667.124893][ T9805] \u003cTASK\u003e\n[ 667.124896][ T9805] dump_stack_lvl+0x10e/0x1f0\n[ 667.124911][ T9805] print_report+0xd0/0x660\n[ 667.124920][ T9805] ? __virt_addr_valid+0x81/0x610\n[ 667.124928][ T9805] ? __phys_addr+0xe8/0x180\n[ 667.124934][ T9805] ? hfsplus_uni2asc+0x902/0xa10\n[ 667.124942][ T9805] kasan_report+0xc6/0x100\n[ 667.124950][ T9805] ? hfsplus_uni2asc+0x902/0xa10\n[ 667.124959][ T9805] hfsplus_uni2asc+0x902/0xa10\n[ 667.124966][ T9805] ? hfsplus_bnode_read+0x14b/0x360\n[ 667.124974][ T9805] hfsplus_readdir+0x845/0xfc0\n[ 667.124984][ T9805] ? __pfx_hfsplus_readdir+0x10/0x10\n[ 667.124994][ T9805] ? stack_trace_save+0x8e/0xc0\n[ 667.125008][ T9805] ? iterate_dir+0x18b/0xb20\n[ 667.125015][ T9805] ? trace_lock_acquire+0x85/0xd0\n[ 667.125022][ T9805] ? lock_acquire+0x30/0x80\n[ 667.125029][ T9805] ? iterate_dir+0x18b/0xb20\n[ 667.125037][ T9805] ? down_read_killable+0x1ed/0x4c0\n[ 667.125044][ T9805] ? putname+0x154/0x1a0\n[ 667.125051][ T9805] ? __pfx_down_read_killable+0x10/0x10\n[ 667.125058][ T9805] ? apparmor_file_permission+0x239/0x3e0\n[ 667.125069][ T9805] iterate_dir+0x296/0xb20\n[ 667.125076][ T9805] __x64_sys_getdents64+0x13c/0x2c0\n[ 667.125084][ T9805] ? __pfx___x64_sys_getdents64+0x10/0x10\n[ 667.125091][ T9805] ? __x64_sys_openat+0x141/0x200\n[ 667.125126][ T9805] ? __pfx_filldir64+0x10/0x10\n[ 667.125134][ T9805] ? do_user_addr_fault+0x7fe/0x12f0\n[ 667.125143][ T9805] do_syscall_64+0xc9/0x480\n[ 667.125151][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 667.125158][ T9805] RIP: 0033:0x7fa8753b2fc9\n[ 667.125164][ T9805] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 48\n[ 667.125172][ T9805] RSP: 002b:00007ffe96f8e0f8 EFLAGS: 00000217 ORIG_RAX: 00000000000000d9\n[ 667.125181][ T9805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa8753b2fc9\n[ 667.125185][ T9805] RDX: 0000000000000400 RSI: 00002000000063c0 RDI: 0000000000000004\n[ 667.125190][ T9805] RBP: 00007ffe96f8e110 R08: 00007ffe96f8e110 R09: 00007ffe96f8e110\n[ 667.125195][ T9805] R10: 0000000000000000 R11: 0000000000000217 R12: 0000556b1e3b4260\n[ 667.125199][ T9805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 667.125207][ T9805] \u003c/TASK\u003e\n[ 667.125210][ T9805]\n[ 667.145632][ T9805] Allocated by task 9805:\n[ 667.145991][ T9805] kasan_save_stack+0x20/0x40\n[ 667.146352][ T9805] kasan_save_track+0x14/0x30\n[ 667.146717][ T9805] __kasan_kmalloc+0xaa/0xb0\n[ 667.147065][ T9805] __kmalloc_noprof+0x205/0x550\n[ 667.147448][ T9805] hfsplus_find_init+0x95/0x1f0\n[ 667.147813][ T9805] hfsplus_readdir+0x220/0xfc0\n[ 667.148174][ T9805] iterate_dir+0x296/0xb20\n[ 667.148549][ T9805] __x64_sys_getdents64+0x13c/0x2c0\n[ 667.148937][ T9805] do_syscall_64+0xc9/0x480\n[ 667.149291][ T9805] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 667.149809][ T9805]\n[ 667.150030][ T9805] The buggy address belongs to the object at ffff88802592f000\n[ 667.150030][ T9805] which belongs to the cache kmalloc-2k of size 2048\n[ 667.151282][ T9805] The buggy address is located 0 bytes to the right of\n[ 667.151282][ T9805] allocated 1036-byte region [ffff88802592f000, ffff88802592f40c)\n[ 667.1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38713",
"url": "https://www.suse.com/security/cve/CVE-2025-38713"
},
{
"category": "external",
"summary": "SUSE Bug 1249200 for CVE-2025-38713",
"url": "https://bugzilla.suse.com/1249200"
},
{
"category": "external",
"summary": "SUSE Bug 1249738 for CVE-2025-38713",
"url": "https://bugzilla.suse.com/1249738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38713"
},
{
"cve": "CVE-2025-38714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()\n\nThe hfsplus_bnode_read() method can trigger the issue:\n\n[ 174.852007][ T9784] ==================================================================\n[ 174.852709][ T9784] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x2f4/0x360\n[ 174.853412][ T9784] Read of size 8 at addr ffff88810b5fc6c0 by task repro/9784\n[ 174.854059][ T9784]\n[ 174.854272][ T9784] CPU: 1 UID: 0 PID: 9784 Comm: repro Not tainted 6.16.0-rc3 #7 PREEMPT(full)\n[ 174.854281][ T9784] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 174.854286][ T9784] Call Trace:\n[ 174.854289][ T9784] \u003cTASK\u003e\n[ 174.854292][ T9784] dump_stack_lvl+0x10e/0x1f0\n[ 174.854305][ T9784] print_report+0xd0/0x660\n[ 174.854315][ T9784] ? __virt_addr_valid+0x81/0x610\n[ 174.854323][ T9784] ? __phys_addr+0xe8/0x180\n[ 174.854330][ T9784] ? hfsplus_bnode_read+0x2f4/0x360\n[ 174.854337][ T9784] kasan_report+0xc6/0x100\n[ 174.854346][ T9784] ? hfsplus_bnode_read+0x2f4/0x360\n[ 174.854354][ T9784] hfsplus_bnode_read+0x2f4/0x360\n[ 174.854362][ T9784] hfsplus_bnode_dump+0x2ec/0x380\n[ 174.854370][ T9784] ? __pfx_hfsplus_bnode_dump+0x10/0x10\n[ 174.854377][ T9784] ? hfsplus_bnode_write_u16+0x83/0xb0\n[ 174.854385][ T9784] ? srcu_gp_start+0xd0/0x310\n[ 174.854393][ T9784] ? __mark_inode_dirty+0x29e/0xe40\n[ 174.854402][ T9784] hfsplus_brec_remove+0x3d2/0x4e0\n[ 174.854411][ T9784] __hfsplus_delete_attr+0x290/0x3a0\n[ 174.854419][ T9784] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10\n[ 174.854427][ T9784] ? __pfx___hfsplus_delete_attr+0x10/0x10\n[ 174.854436][ T9784] ? __asan_memset+0x23/0x50\n[ 174.854450][ T9784] hfsplus_delete_all_attrs+0x262/0x320\n[ 174.854459][ T9784] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10\n[ 174.854469][ T9784] ? rcu_is_watching+0x12/0xc0\n[ 174.854476][ T9784] ? __mark_inode_dirty+0x29e/0xe40\n[ 174.854483][ T9784] hfsplus_delete_cat+0x845/0xde0\n[ 174.854493][ T9784] ? __pfx_hfsplus_delete_cat+0x10/0x10\n[ 174.854507][ T9784] hfsplus_unlink+0x1ca/0x7c0\n[ 174.854516][ T9784] ? __pfx_hfsplus_unlink+0x10/0x10\n[ 174.854525][ T9784] ? down_write+0x148/0x200\n[ 174.854532][ T9784] ? __pfx_down_write+0x10/0x10\n[ 174.854540][ T9784] vfs_unlink+0x2fe/0x9b0\n[ 174.854549][ T9784] do_unlinkat+0x490/0x670\n[ 174.854557][ T9784] ? __pfx_do_unlinkat+0x10/0x10\n[ 174.854565][ T9784] ? __might_fault+0xbc/0x130\n[ 174.854576][ T9784] ? getname_flags.part.0+0x1c5/0x550\n[ 174.854584][ T9784] __x64_sys_unlink+0xc5/0x110\n[ 174.854592][ T9784] do_syscall_64+0xc9/0x480\n[ 174.854600][ T9784] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 174.854608][ T9784] RIP: 0033:0x7f6fdf4c3167\n[ 174.854614][ T9784] Code: f0 ff ff 73 01 c3 48 8b 0d 26 0d 0e 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 08\n[ 174.854622][ T9784] RSP: 002b:00007ffcb948bca8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057\n[ 174.854630][ T9784] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6fdf4c3167\n[ 174.854636][ T9784] RDX: 00007ffcb948bcc0 RSI: 00007ffcb948bcc0 RDI: 00007ffcb948bd50\n[ 174.854641][ T9784] RBP: 00007ffcb948cd90 R08: 0000000000000001 R09: 00007ffcb948bb40\n[ 174.854645][ T9784] R10: 00007f6fdf564fc0 R11: 0000000000000206 R12: 0000561e1bc9c2d0\n[ 174.854650][ T9784] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 174.854658][ T9784] \u003c/TASK\u003e\n[ 174.854661][ T9784]\n[ 174.879281][ T9784] Allocated by task 9784:\n[ 174.879664][ T9784] kasan_save_stack+0x20/0x40\n[ 174.880082][ T9784] kasan_save_track+0x14/0x30\n[ 174.880500][ T9784] __kasan_kmalloc+0xaa/0xb0\n[ 174.880908][ T9784] __kmalloc_noprof+0x205/0x550\n[ 174.881337][ T9784] __hfs_bnode_create+0x107/0x890\n[ 174.881779][ T9784] hfsplus_bnode_find+0x2d0/0xd10\n[ 174.882222][ T9784] hfsplus_brec_find+0x2b0/0x520\n[ 174.882659][ T9784] hfsplus_delete_all_attrs+0x23b/0x3\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38714",
"url": "https://www.suse.com/security/cve/CVE-2025-38714"
},
{
"category": "external",
"summary": "SUSE Bug 1249260 for CVE-2025-38714",
"url": "https://bugzilla.suse.com/1249260"
},
{
"category": "external",
"summary": "SUSE Bug 1249596 for CVE-2025-38714",
"url": "https://bugzilla.suse.com/1249596"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38714"
},
{
"cve": "CVE-2025-38715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38715"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix slab-out-of-bounds in hfs_bnode_read()\n\nThis patch introduces is_bnode_offset_valid() method that checks\nthe requested offset value. Also, it introduces\ncheck_and_correct_requested_length() method that checks and\ncorrect the requested length (if it is necessary). These methods\nare used in hfs_bnode_read(), hfs_bnode_write(), hfs_bnode_clear(),\nhfs_bnode_copy(), and hfs_bnode_move() with the goal to prevent\nthe access out of allocated memory and triggering the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38715",
"url": "https://www.suse.com/security/cve/CVE-2025-38715"
},
{
"category": "external",
"summary": "SUSE Bug 1249196 for CVE-2025-38715",
"url": "https://bugzilla.suse.com/1249196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38715"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-38724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()\n\nLei Lu recently reported that nfsd4_setclientid_confirm() did not check\nthe return value from get_client_locked(). a SETCLIENTID_CONFIRM could\nrace with a confirmed client expiring and fail to get a reference. That\ncould later lead to a UAF.\n\nFix this by getting a reference early in the case where there is an\nextant confirmed client. If that fails then treat it as if there were no\nconfirmed client found at all.\n\nIn the case where the unconfirmed client is expiring, just fail and\nreturn the result from get_client_locked().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38724",
"url": "https://www.suse.com/security/cve/CVE-2025-38724"
},
{
"category": "external",
"summary": "SUSE Bug 1249169 for CVE-2025-38724",
"url": "https://bugzilla.suse.com/1249169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38724"
},
{
"cve": "CVE-2025-38725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: add phy_mask for ax88772 mdio bus\n\nWithout setting phy_mask for ax88772 mdio bus, current driver may create\nat most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f.\nDLink DUB-E100 H/W Ver B1 is such a device. However, only one main phy\ndevice will bind to net phy driver. This is creating issue during system\nsuspend/resume since phy_polling_mode() in phy_state_machine() will\ndirectly deference member of phydev-\u003edrv for non-main phy devices. Then\nNULL pointer dereference issue will occur. Due to only external phy or\ninternal phy is necessary, add phy_mask for ax88772 mdio bus to workarnoud\nthe issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38725",
"url": "https://www.suse.com/security/cve/CVE-2025-38725"
},
{
"category": "external",
"summary": "SUSE Bug 1249170 for CVE-2025-38725",
"url": "https://bugzilla.suse.com/1249170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38725"
},
{
"cve": "CVE-2025-38727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: avoid infinite retry looping in netlink_unicast()\n\nnetlink_attachskb() checks for the socket\u0027s read memory allocation\nconstraints. Firstly, it has:\n\n rmem \u003c READ_ONCE(sk-\u003esk_rcvbuf)\n\nto check if the just increased rmem value fits into the socket\u0027s receive\nbuffer. If not, it proceeds and tries to wait for the memory under:\n\n rmem + skb-\u003etruesize \u003e READ_ONCE(sk-\u003esk_rcvbuf)\n\nThe checks don\u0027t cover the case when skb-\u003etruesize + sk-\u003esk_rmem_alloc is\nequal to sk-\u003esk_rcvbuf. Thus the function neither successfully accepts\nthese conditions, nor manages to reschedule the task - and is called in\nretry loop for indefinite time which is caught as:\n\n rcu: INFO: rcu_sched self-detected stall on CPU\n rcu: 0-....: (25999 ticks this GP) idle=ef2/1/0x4000000000000000 softirq=262269/262269 fqs=6212\n (t=26000 jiffies g=230833 q=259957)\n NMI backtrace for cpu 0\n CPU: 0 PID: 22 Comm: kauditd Not tainted 5.10.240 #68\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc42 04/01/2014\n Call Trace:\n \u003cIRQ\u003e\n dump_stack lib/dump_stack.c:120\n nmi_cpu_backtrace.cold lib/nmi_backtrace.c:105\n nmi_trigger_cpumask_backtrace lib/nmi_backtrace.c:62\n rcu_dump_cpu_stacks kernel/rcu/tree_stall.h:335\n rcu_sched_clock_irq.cold kernel/rcu/tree.c:2590\n update_process_times kernel/time/timer.c:1953\n tick_sched_handle kernel/time/tick-sched.c:227\n tick_sched_timer kernel/time/tick-sched.c:1399\n __hrtimer_run_queues kernel/time/hrtimer.c:1652\n hrtimer_interrupt kernel/time/hrtimer.c:1717\n __sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1113\n asm_call_irq_on_stack arch/x86/entry/entry_64.S:808\n \u003c/IRQ\u003e\n\n netlink_attachskb net/netlink/af_netlink.c:1234\n netlink_unicast net/netlink/af_netlink.c:1349\n kauditd_send_queue kernel/audit.c:776\n kauditd_thread kernel/audit.c:897\n kthread kernel/kthread.c:328\n ret_from_fork arch/x86/entry/entry_64.S:304\n\nRestore the original behavior of the check which commit in Fixes\naccidentally missed when restructuring the code.\n\nFound by Linux Verification Center (linuxtesting.org).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38727",
"url": "https://www.suse.com/security/cve/CVE-2025-38727"
},
{
"category": "external",
"summary": "SUSE Bug 1249166 for CVE-2025-38727",
"url": "https://bugzilla.suse.com/1249166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38727"
},
{
"cve": "CVE-2025-38729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 power domain descriptors, too\n\nUAC3 power domain descriptors need to be verified with its variable\nbLength for avoiding the unexpected OOB accesses by malicious\nfirmware, too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38729",
"url": "https://www.suse.com/security/cve/CVE-2025-38729"
},
{
"category": "external",
"summary": "SUSE Bug 1249164 for CVE-2025-38729",
"url": "https://bugzilla.suse.com/1249164"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38729"
},
{
"cve": "CVE-2025-38734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38734"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix UAF on smcsk after smc_listen_out()\n\nBPF CI testing report a UAF issue:\n\n [ 16.446633] BUG: kernel NULL pointer dereference, address: 000000000000003 0\n [ 16.447134] #PF: supervisor read access in kernel mod e\n [ 16.447516] #PF: error_code(0x0000) - not-present pag e\n [ 16.447878] PGD 0 P4D 0\n [ 16.448063] Oops: Oops: 0000 [#1] PREEMPT SMP NOPT I\n [ 16.448409] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Tainted: G OE 6.13.0-rc3-g89e8a75fda73-dirty #4 2\n [ 16.449124] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODUL E\n [ 16.449502] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/201 4\n [ 16.450201] Workqueue: smc_hs_wq smc_listen_wor k\n [ 16.450531] RIP: 0010:smc_listen_work+0xc02/0x159 0\n [ 16.452158] RSP: 0018:ffffb5ab40053d98 EFLAGS: 0001024 6\n [ 16.452526] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 000000000000030 0\n [ 16.452994] RDX: 0000000000000280 RSI: 00003513840053f0 RDI: 000000000000000 0\n [ 16.453492] RBP: ffffa097808e3800 R08: ffffa09782dba1e0 R09: 000000000000000 5\n [ 16.453987] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa0978274640 0\n [ 16.454497] R13: 0000000000000000 R14: 0000000000000000 R15: ffffa09782d4092 0\n [ 16.454996] FS: 0000000000000000(0000) GS:ffffa097bbc00000(0000) knlGS:000000000000000 0\n [ 16.455557] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003 3\n [ 16.455961] CR2: 0000000000000030 CR3: 0000000102788004 CR4: 0000000000770ef 0\n [ 16.456459] PKRU: 5555555 4\n [ 16.456654] Call Trace :\n [ 16.456832] \u003cTASK \u003e\n [ 16.456989] ? __die+0x23/0x7 0\n [ 16.457215] ? page_fault_oops+0x180/0x4c 0\n [ 16.457508] ? __lock_acquire+0x3e6/0x249 0\n [ 16.457801] ? exc_page_fault+0x68/0x20 0\n [ 16.458080] ? asm_exc_page_fault+0x26/0x3 0\n [ 16.458389] ? smc_listen_work+0xc02/0x159 0\n [ 16.458689] ? smc_listen_work+0xc02/0x159 0\n [ 16.458987] ? lock_is_held_type+0x8f/0x10 0\n [ 16.459284] process_one_work+0x1ea/0x6d 0\n [ 16.459570] worker_thread+0x1c3/0x38 0\n [ 16.459839] ? __pfx_worker_thread+0x10/0x1 0\n [ 16.460144] kthread+0xe0/0x11 0\n [ 16.460372] ? __pfx_kthread+0x10/0x1 0\n [ 16.460640] ret_from_fork+0x31/0x5 0\n [ 16.460896] ? __pfx_kthread+0x10/0x1 0\n [ 16.461166] ret_from_fork_asm+0x1a/0x3 0\n [ 16.461453] \u003c/TASK \u003e\n [ 16.461616] Modules linked in: bpf_testmod(OE) [last unloaded: bpf_testmod(OE) ]\n [ 16.462134] CR2: 000000000000003 0\n [ 16.462380] ---[ end trace 0000000000000000 ]---\n [ 16.462710] RIP: 0010:smc_listen_work+0xc02/0x1590\n\nThe direct cause of this issue is that after smc_listen_out_connected(),\nnewclcsock-\u003esk may be NULL since it will releases the smcsk. Therefore,\nif the application closes the socket immediately after accept,\nnewclcsock-\u003esk can be NULL. A possible execution order could be as\nfollows:\n\nsmc_listen_work | userspace\n-----------------------------------------------------------------\nlock_sock(sk) |\nsmc_listen_out_connected() |\n| \\- smc_listen_out |\n| | \\- release_sock |\n | |- sk-\u003esk_data_ready() |\n | fd = accept();\n | close(fd);\n | \\- socket-\u003esk = NULL;\n/* newclcsock-\u003esk is NULL now */\nSMC_STAT_SERV_SUCC_INC(sock_net(newclcsock-\u003esk))\n\nSince smc_listen_out_connected() will not fail, simply swapping the order\nof the code can easily fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38734",
"url": "https://www.suse.com/security/cve/CVE-2025-38734"
},
{
"category": "external",
"summary": "SUSE Bug 1249324 for CVE-2025-38734",
"url": "https://bugzilla.suse.com/1249324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38734"
},
{
"cve": "CVE-2025-38735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: prevent ethtool ops after shutdown\n\nA crash can occur if an ethtool operation is invoked\nafter shutdown() is called.\n\nshutdown() is invoked during system shutdown to stop DMA operations\nwithout performing expensive deallocations. It is discouraged to\nunregister the netdev in this path, so the device may still be visible\nto userspace and kernel helpers.\n\nIn gve, shutdown() tears down most internal data structures. If an\nethtool operation is dispatched after shutdown(), it will dereference\nfreed or NULL pointers, leading to a kernel panic. While graceful\nshutdown normally quiesces userspace before invoking the reboot\nsyscall, forced shutdowns (as observed on GCP VMs) can still trigger\nthis path.\n\nFix by calling netif_device_detach() in shutdown().\nThis marks the device as detached so the ethtool ioctl handler\nwill skip dispatching operations to the driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38735",
"url": "https://www.suse.com/security/cve/CVE-2025-38735"
},
{
"category": "external",
"summary": "SUSE Bug 1249288 for CVE-2025-38735",
"url": "https://bugzilla.suse.com/1249288"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38735"
},
{
"cve": "CVE-2025-38736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: asix_devices: Fix PHY address mask in MDIO bus initialization\n\nSyzbot reported shift-out-of-bounds exception on MDIO bus initialization.\n\nThe PHY address should be masked to 5 bits (0-31). Without this\nmask, invalid PHY addresses could be used, potentially causing issues\nwith MDIO bus operations.\n\nFix this by masking the PHY address with 0x1f (31 decimal) to ensure\nit stays within the valid range.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38736",
"url": "https://www.suse.com/security/cve/CVE-2025-38736"
},
{
"category": "external",
"summary": "SUSE Bug 1249318 for CVE-2025-38736",
"url": "https://bugzilla.suse.com/1249318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-38736"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39675",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39675"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()\n\nThe function mod_hdcp_hdcp1_create_session() calls the function\nget_first_active_display(), but does not check its return value.\nThe return value is a null pointer if the display list is empty.\nThis will lead to a null pointer dereference.\n\nAdd a null pointer check for get_first_active_display() and return\nMOD_HDCP_STATUS_DISPLAY_NOT_FOUND if the function return null.\n\nThis is similar to the commit c3e9826a2202\n(\"drm/amd/display: Add null pointer check for get_first_active_display()\").\n\n(cherry picked from commit 5e43eb3cd731649c4f8b9134f857be62a416c893)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39675",
"url": "https://www.suse.com/security/cve/CVE-2025-39675"
},
{
"category": "external",
"summary": "SUSE Bug 1249263 for CVE-2025-39675",
"url": "https://bugzilla.suse.com/1249263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39675"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39679"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().\n\nWhen the nvif_vmm_type is invalid, we will return error directly\nwithout freeing the args in nvif_vmm_ctor(), which leading a memory\nleak. Fix it by setting the ret -EINVAL and goto done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39679",
"url": "https://www.suse.com/security/cve/CVE-2025-39679"
},
{
"category": "external",
"summary": "SUSE Bug 1249338 for CVE-2025-39679",
"url": "https://bugzilla.suse.com/1249338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39679"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39684"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()\n\nsyzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel\nbuffer is allocated to hold `insn-\u003en` samples (each of which is an\n`unsigned int`). For some instruction types, `insn-\u003en` samples are\ncopied back to user-space, unless an error code is being returned. The\nproblem is that not all the instruction handlers that need to return\ndata to userspace fill in the whole `insn-\u003en` samples, so that there is\nan information leak. There is a similar syzbot report for\n`do_insnlist_ioctl()`, although it does not have a reproducer for it at\nthe time of writing.\n\nOne culprit is `insn_rw_emulate_bits()` which is used as the handler for\n`INSN_READ` or `INSN_WRITE` instructions for subdevices that do not have\na specific handler for that instruction, but do have an `INSN_BITS`\nhandler. For `INSN_READ` it only fills in at most 1 sample, so if\n`insn-\u003en` is greater than 1, the remaining `insn-\u003en - 1` samples copied\nto userspace will be uninitialized kernel data.\n\nAnother culprit is `vm80xx_ai_insn_read()` in the \"vm80xx\" driver. It\nnever returns an error, even if it fails to fill the buffer.\n\nFix it in `do_insn_ioctl()` and `do_insnlist_ioctl()` by making sure\nthat uninitialized parts of the allocated buffer are zeroed before\nhandling each instruction.\n\nThanks to Arnaud Lecomte for their fix to `do_insn_ioctl()`. That fix\nreplaced the call to `kmalloc_array()` with `kcalloc()`, but it is not\nalways necessary to clear the whole buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39684",
"url": "https://www.suse.com/security/cve/CVE-2025-39684"
},
{
"category": "external",
"summary": "SUSE Bug 1249281 for CVE-2025-39684",
"url": "https://bugzilla.suse.com/1249281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39684"
},
{
"cve": "CVE-2025-39685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl726: Prevent invalid irq number\n\nThe reproducer passed in an irq number(0x80008000) that was too large,\nwhich triggered the oob.\n\nAdded an interrupt number check to prevent users from passing in an irq\nnumber that was too large.\n\nIf `it-\u003eoptions[1]` is 31, then `1 \u003c\u003c it-\u003eoptions[1]` is still invalid\nbecause it shifts a 1-bit into the sign bit (which is UB in C).\nPossible solutions include reducing the upper bound on the\n`it-\u003eoptions[1]` value to 30 or lower, or using `1U \u003c\u003c it-\u003eoptions[1]`.\n\nThe old code would just not attempt to request the IRQ if the\n`options[1]` value were invalid. And it would still configure the\ndevice without interrupts even if the call to `request_irq` returned an\nerror. So it would be better to combine this test with the test below.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39685",
"url": "https://www.suse.com/security/cve/CVE-2025-39685"
},
{
"category": "external",
"summary": "SUSE Bug 1249282 for CVE-2025-39685",
"url": "https://bugzilla.suse.com/1249282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39685"
},
{
"cve": "CVE-2025-39686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: Make insn_rw_emulate_bits() do insn-\u003en samples\n\nThe `insn_rw_emulate_bits()` function is used as a default handler for\n`INSN_READ` instructions for subdevices that have a handler for\n`INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default\nhandler for `INSN_WRITE` instructions for subdevices that have a handler\nfor `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the\n`INSN_READ` or `INSN_WRITE` instruction handling with a constructed\n`INSN_BITS` instruction. However, `INSN_READ` and `INSN_WRITE`\ninstructions are supposed to be able read or write multiple samples,\nindicated by the `insn-\u003en` value, but `insn_rw_emulate_bits()` currently\nonly handles a single sample. For `INSN_READ`, the comedi core will\ncopy `insn-\u003en` samples back to user-space. (That triggered KASAN\nkernel-infoleak errors when `insn-\u003en` was greater than 1, but that is\nbeing fixed more generally elsewhere in the comedi core.)\n\nMake `insn_rw_emulate_bits()` either handle `insn-\u003en` samples, or return\nan error, to conform to the general expectation for `INSN_READ` and\n`INSN_WRITE` handlers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39686",
"url": "https://www.suse.com/security/cve/CVE-2025-39686"
},
{
"category": "external",
"summary": "SUSE Bug 1249312 for CVE-2025-39686",
"url": "https://bugzilla.suse.com/1249312"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39686"
},
{
"cve": "CVE-2025-39693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Avoid a NULL pointer dereference\n\n[WHY]\nAlthough unlikely drm_atomic_get_new_connector_state() or\ndrm_atomic_get_old_connector_state() can return NULL.\n\n[HOW]\nCheck returns before dereference.\n\n(cherry picked from commit 1e5e8d672fec9f2ab352be121be971877bff2af9)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39693",
"url": "https://www.suse.com/security/cve/CVE-2025-39693"
},
{
"category": "external",
"summary": "SUSE Bug 1249279 for CVE-2025-39693",
"url": "https://bugzilla.suse.com/1249279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39693"
},
{
"cve": "CVE-2025-39694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/sclp: Fix SCCB present check\n\nTracing code called by the SCLP interrupt handler contains early exits\nif the SCCB address associated with an interrupt is NULL. This check is\nperformed after physical to virtual address translation.\n\nIf the kernel identity mapping does not start at address zero, the\nresulting virtual address is never zero, so that the NULL checks won\u0027t\nwork. Subsequently this may result in incorrect accesses to the first\npage of the identity mapping.\n\nFix this by introducing a function that handles the NULL case before\naddress translation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39694",
"url": "https://www.suse.com/security/cve/CVE-2025-39694"
},
{
"category": "external",
"summary": "SUSE Bug 1249299 for CVE-2025-39694",
"url": "https://bugzilla.suse.com/1249299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39694"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39701"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: pfr_update: Fix the driver update version check\n\nThe security-version-number check should be used rather\nthan the runtime version check for driver updates.\n\nOtherwise, the firmware update would fail when the update binary had\na lower runtime version number than the current one.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39701",
"url": "https://www.suse.com/security/cve/CVE-2025-39701"
},
{
"category": "external",
"summary": "SUSE Bug 1249308 for CVE-2025-39701",
"url": "https://bugzilla.suse.com/1249308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39701"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39706"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Destroy KFD debugfs after destroy KFD wq\n\nSince KFD proc content was moved to kernel debugfs, we can\u0027t destroy KFD\ndebugfs before kfd_process_destroy_wq. Move kfd_process_destroy_wq prior\nto kfd_debugfs_fini to fix a kernel NULL pointer problem. It happens\nwhen /sys/kernel/debug/kfd was already destroyed in kfd_debugfs_fini but\nkfd_process_destroy_wq calls kfd_debugfs_remove_process. This line\n debugfs_remove_recursive(entry-\u003eproc_dentry);\ntries to remove /sys/kernel/debug/kfd/proc/\u003cpid\u003e while\n/sys/kernel/debug/kfd is already gone. It hangs the kernel by kernel\nNULL pointer.\n\n(cherry picked from commit 0333052d90683d88531558dcfdbf2525cc37c233)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39706",
"url": "https://www.suse.com/security/cve/CVE-2025-39706"
},
{
"category": "external",
"summary": "SUSE Bug 1249413 for CVE-2025-39706",
"url": "https://bugzilla.suse.com/1249413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39706"
},
{
"cve": "CVE-2025-39709",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39709"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: protect against spurious interrupts during probe\n\nMake sure the interrupt handler is initialized before the interrupt is\nregistered.\n\nIf the IRQ is registered before hfi_create(), it\u0027s possible that an\ninterrupt fires before the handler setup is complete, leading to a NULL\ndereference.\n\nThis error condition has been observed during system boot on Rb3Gen2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39709",
"url": "https://www.suse.com/security/cve/CVE-2025-39709"
},
{
"category": "external",
"summary": "SUSE Bug 1249278 for CVE-2025-39709",
"url": "https://bugzilla.suse.com/1249278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39709"
},
{
"cve": "CVE-2025-39710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39710"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: Add a check for packet size after reading from shared memory\n\nAdd a check to ensure that the packet size does not exceed the number of\navailable words after reading the packet header from shared memory. This\nensures that the size provided by the firmware is safe to process and\nprevent potential out-of-bounds memory access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39710",
"url": "https://www.suse.com/security/cve/CVE-2025-39710"
},
{
"category": "external",
"summary": "SUSE Bug 1249304 for CVE-2025-39710",
"url": "https://bugzilla.suse.com/1249304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39710"
},
{
"cve": "CVE-2025-39713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()\n\nIn the interrupt handler rain_interrupt(), the buffer full check on\nrain-\u003ebuf_len is performed before acquiring rain-\u003ebuf_lock. This\ncreates a Time-of-Check to Time-of-Use (TOCTOU) race condition, as\nrain-\u003ebuf_len is concurrently accessed and modified in the work\nhandler rain_irq_work_handler() under the same lock.\n\nMultiple interrupt invocations can race, with each reading buf_len\nbefore it becomes full and then proceeding. This can lead to both\ninterrupts attempting to write to the buffer, incrementing buf_len\nbeyond its capacity (DATA_SIZE) and causing a buffer overflow.\n\nFix this bug by moving the spin_lock() to before the buffer full\ncheck. This ensures that the check and the subsequent buffer modification\nare performed atomically, preventing the race condition. An corresponding\nspin_unlock() is added to the overflow path to correctly release the\nlock.\n\nThis possible bug was found by an experimental static analysis tool\ndeveloped by our team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39713",
"url": "https://www.suse.com/security/cve/CVE-2025-39713"
},
{
"category": "external",
"summary": "SUSE Bug 1249321 for CVE-2025-39713",
"url": "https://bugzilla.suse.com/1249321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39713"
},
{
"cve": "CVE-2025-39714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39714"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usbtv: Lock resolution while streaming\n\nWhen an program is streaming (ffplay) and another program (qv4l2)\nchanges the TV standard from NTSC to PAL, the kernel crashes due to trying\nto copy to unmapped memory.\n\nChanging from NTSC to PAL increases the resolution in the usbtv struct,\nbut the video plane buffer isn\u0027t adjusted, so it overflows.\n\n[hverkuil: call vb2_is_busy instead of vb2_is_streaming]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39714",
"url": "https://www.suse.com/security/cve/CVE-2025-39714"
},
{
"category": "external",
"summary": "SUSE Bug 1249273 for CVE-2025-39714",
"url": "https://bugzilla.suse.com/1249273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39714"
},
{
"cve": "CVE-2025-39719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39719"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: bno055: fix OOB access of hw_xlate array\n\nFix a potential out-of-bounds array access of the hw_xlate array in\nbno055.c.\n\nIn bno055_get_regmask(), hw_xlate was iterated over the length of the\nvals array instead of the length of the hw_xlate array. In the case of\nbno055_gyr_scale, the vals array is larger than the hw_xlate array,\nso this could result in an out-of-bounds access. In practice, this\nshouldn\u0027t happen though because a match should always be found which\nbreaks out of the for loop before it iterates beyond the end of the\nhw_xlate array.\n\nBy adding a new hw_xlate_len field to the bno055_sysfs_attr, we can be\nsure we are iterating over the correct length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39719",
"url": "https://www.suse.com/security/cve/CVE-2025-39719"
},
{
"category": "external",
"summary": "SUSE Bug 1249271 for CVE-2025-39719",
"url": "https://bugzilla.suse.com/1249271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39719"
},
{
"cve": "CVE-2025-39721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - flush misc workqueue during device shutdown\n\nRepeated loading and unloading of a device specific QAT driver, for\nexample qat_4xxx, in a tight loop can lead to a crash due to a\nuse-after-free scenario. This occurs when a power management (PM)\ninterrupt triggers just before the device-specific driver (e.g.,\nqat_4xxx.ko) is unloaded, while the core driver (intel_qat.ko) remains\nloaded.\n\nSince the driver uses a shared workqueue (`qat_misc_wq`) across all\ndevices and owned by intel_qat.ko, a deferred routine from the\ndevice-specific driver may still be pending in the queue. If this\nroutine executes after the driver is unloaded, it can dereference freed\nmemory, resulting in a page fault and kernel crash like the following:\n\n BUG: unable to handle page fault for address: ffa000002e50a01c\n #PF: supervisor read access in kernel mode\n RIP: 0010:pm_bh_handler+0x1d2/0x250 [intel_qat]\n Call Trace:\n pm_bh_handler+0x1d2/0x250 [intel_qat]\n process_one_work+0x171/0x340\n worker_thread+0x277/0x3a0\n kthread+0xf0/0x120\n ret_from_fork+0x2d/0x50\n\nTo prevent this, flush the misc workqueue during device shutdown to\nensure that all pending work items are completed before the driver is\nunloaded.\n\nNote: This approach may slightly increase shutdown latency if the\nworkqueue contains jobs from other devices, but it ensures correctness\nand stability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39721",
"url": "https://www.suse.com/security/cve/CVE-2025-39721"
},
{
"category": "external",
"summary": "SUSE Bug 1249323 for CVE-2025-39721",
"url": "https://bugzilla.suse.com/1249323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39721"
},
{
"cve": "CVE-2025-39724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250: fix panic due to PSLVERR\n\nWhen the PSLVERR_RESP_EN parameter is set to 1, the device generates\nan error response if an attempt is made to read an empty RBR (Receive\nBuffer Register) while the FIFO is enabled.\n\nIn serial8250_do_startup(), calling serial_port_out(port, UART_LCR,\nUART_LCR_WLEN8) triggers dw8250_check_lcr(), which invokes\ndw8250_force_idle() and serial8250_clear_and_reinit_fifos(). The latter\nfunction enables the FIFO via serial_out(p, UART_FCR, p-\u003efcr).\nExecution proceeds to the serial_port_in(port, UART_RX).\nThis satisfies the PSLVERR trigger condition.\n\nWhen another CPU (e.g., using printk()) is accessing the UART (UART\nis busy), the current CPU fails the check (value \u0026 ~UART_LCR_SPAR) ==\n(lcr \u0026 ~UART_LCR_SPAR) in dw8250_check_lcr(), causing it to enter\ndw8250_force_idle().\n\nPut serial_port_out(port, UART_LCR, UART_LCR_WLEN8) under the port-\u003elock\nto fix this issue.\n\nPanic backtrace:\n[ 0.442336] Oops - unknown exception [#1]\n[ 0.442343] epc : dw8250_serial_in32+0x1e/0x4a\n[ 0.442351] ra : serial8250_do_startup+0x2c8/0x88e\n...\n[ 0.442416] console_on_rootfs+0x26/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39724",
"url": "https://www.suse.com/security/cve/CVE-2025-39724"
},
{
"category": "external",
"summary": "SUSE Bug 1249265 for CVE-2025-39724",
"url": "https://bugzilla.suse.com/1249265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39724"
},
{
"cve": "CVE-2025-39726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ism: fix concurrency management in ism_cmd()\n\nThe s390x ISM device data sheet clearly states that only one\nrequest-response sequence is allowable per ISM function at any point in\ntime. Unfortunately as of today the s390/ism driver in Linux does not\nhonor that requirement. This patch aims to rectify that.\n\nThis problem was discovered based on Aliaksei\u0027s bug report which states\nthat for certain workloads the ISM functions end up entering error state\n(with PEC 2 as seen from the logs) after a while and as a consequence\nconnections handled by the respective function break, and for future\nconnection requests the ISM device is not considered -- given it is in a\ndysfunctional state. During further debugging PEC 3A was observed as\nwell.\n\nA kernel message like\n[ 1211.244319] zpci: 061a:00:00.0: Event 0x2 reports an error for PCI function 0x61a\nis a reliable indicator of the stated function entering error state\nwith PEC 2. Let me also point out that a kernel message like\n[ 1211.244325] zpci: 061a:00:00.0: The ism driver bound to the device does not support error recovery\nis a reliable indicator that the ISM function won\u0027t be auto-recovered\nbecause the ISM driver currently lacks support for it.\n\nOn a technical level, without this synchronization, commands (inputs to\nthe FW) may be partially or fully overwritten (corrupted) by another CPU\ntrying to issue commands on the same function. There is hard evidence that\nthis can lead to DMB token values being used as DMB IOVAs, leading to\nPEC 2 PCI events indicating invalid DMA. But this is only one of the\nfailure modes imaginable. In theory even completely losing one command\nand executing another one twice and then trying to interpret the outputs\nas if the command we intended to execute was actually executed and not\nthe other one is also possible. Frankly, I don\u0027t feel confident about\nproviding an exhaustive list of possible consequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39726",
"url": "https://www.suse.com/security/cve/CVE-2025-39726"
},
{
"category": "external",
"summary": "SUSE Bug 1249266 for CVE-2025-39726",
"url": "https://bugzilla.suse.com/1249266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39726"
},
{
"cve": "CVE-2025-39730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix filehandle bounds checking in nfs_fh_to_dentry()\n\nThe function needs to check the minimal filehandle length before it can\naccess the embedded filehandle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39730",
"url": "https://www.suse.com/security/cve/CVE-2025-39730"
},
{
"category": "external",
"summary": "SUSE Bug 1249296 for CVE-2025-39730",
"url": "https://bugzilla.suse.com/1249296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39730"
},
{
"cve": "CVE-2025-39732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()\n\nath11k_mac_disable_peer_fixed_rate() is passed as the iterator to\nieee80211_iterate_stations_atomic(). Note in this case the iterator is\nrequired to be atomic, however ath11k_mac_disable_peer_fixed_rate() does\nnot follow it as it might sleep. Consequently below warning is seen:\n\nBUG: sleeping function called from invalid context at wmi.c:304\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl\n __might_resched.cold\n ath11k_wmi_cmd_send\n ath11k_wmi_set_peer_param\n ath11k_mac_disable_peer_fixed_rate\n ieee80211_iterate_stations_atomic\n ath11k_mac_op_set_bitrate_mask.cold\n\nChange to ieee80211_iterate_stations_mtx() to fix this issue.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39732",
"url": "https://www.suse.com/security/cve/CVE-2025-39732"
},
{
"category": "external",
"summary": "SUSE Bug 1249292 for CVE-2025-39732",
"url": "https://bugzilla.suse.com/1249292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39732"
},
{
"cve": "CVE-2025-39739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-qcom: Add SM6115 MDSS compatible\n\nAdd the SM6115 MDSS compatible to clients compatible list, as it also\nneeds that workaround.\nWithout this workaround, for example, QRB4210 RB2 which is based on\nSM4250/SM6115 generates a lot of smmu unhandled context faults during\nboot:\n\narm_smmu_context_fault: 116854 callbacks suppressed\narm-smmu c600000.iommu: Unhandled context fault: fsr=0x402,\niova=0x5c0ec600, fsynr=0x320021, cbfrsynra=0x420, cb=5\narm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420\narm-smmu c600000.iommu: FSYNR0 = 00320021 [S1CBNDX=50 PNU PLVL=1]\narm-smmu c600000.iommu: Unhandled context fault: fsr=0x402,\niova=0x5c0d7800, fsynr=0x320021, cbfrsynra=0x420, cb=5\narm-smmu c600000.iommu: FSR = 00000402 [Format=2 TF], SID=0x420\n\nand also failed initialisation of lontium lt9611uxc, gpu and dpu is\nobserved:\n(binding MDSS components triggered by lt9611uxc have failed)\n\n ------------[ cut here ]------------\n !aspace\n WARNING: CPU: 6 PID: 324 at drivers/gpu/drm/msm/msm_gem_vma.c:130 msm_gem_vma_init+0x150/0x18c [msm]\n Modules linked in: ... (long list of modules)\n CPU: 6 UID: 0 PID: 324 Comm: (udev-worker) Not tainted 6.15.0-03037-gaacc73ceeb8b #4 PREEMPT\n Hardware name: Qualcomm Technologies, Inc. QRB4210 RB2 (DT)\n pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : msm_gem_vma_init+0x150/0x18c [msm]\n lr : msm_gem_vma_init+0x150/0x18c [msm]\n sp : ffff80008144b280\n \t\t...\n Call trace:\n msm_gem_vma_init+0x150/0x18c [msm] (P)\n get_vma_locked+0xc0/0x194 [msm]\n msm_gem_get_and_pin_iova_range+0x4c/0xdc [msm]\n msm_gem_kernel_new+0x48/0x160 [msm]\n msm_gpu_init+0x34c/0x53c [msm]\n adreno_gpu_init+0x1b0/0x2d8 [msm]\n a6xx_gpu_init+0x1e8/0x9e0 [msm]\n adreno_bind+0x2b8/0x348 [msm]\n component_bind_all+0x100/0x230\n msm_drm_bind+0x13c/0x3d0 [msm]\n try_to_bring_up_aggregate_device+0x164/0x1d0\n __component_add+0xa4/0x174\n component_add+0x14/0x20\n dsi_dev_attach+0x20/0x34 [msm]\n dsi_host_attach+0x58/0x98 [msm]\n devm_mipi_dsi_attach+0x34/0x90\n lt9611uxc_attach_dsi.isra.0+0x94/0x124 [lontium_lt9611uxc]\n lt9611uxc_probe+0x540/0x5fc [lontium_lt9611uxc]\n i2c_device_probe+0x148/0x2a8\n really_probe+0xbc/0x2c0\n __driver_probe_device+0x78/0x120\n driver_probe_device+0x3c/0x154\n __driver_attach+0x90/0x1a0\n bus_for_each_dev+0x68/0xb8\n driver_attach+0x24/0x30\n bus_add_driver+0xe4/0x208\n driver_register+0x68/0x124\n i2c_register_driver+0x48/0xcc\n lt9611uxc_driver_init+0x20/0x1000 [lontium_lt9611uxc]\n do_one_initcall+0x60/0x1d4\n do_init_module+0x54/0x1fc\n load_module+0x1748/0x1c8c\n init_module_from_file+0x74/0xa0\n __arm64_sys_finit_module+0x130/0x2f8\n invoke_syscall+0x48/0x104\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x2c/0x80\n el0t_64_sync_handler+0x10c/0x138\n el0t_64_sync+0x198/0x19c\n ---[ end trace 0000000000000000 ]---\n msm_dpu 5e01000.display-controller: [drm:msm_gpu_init [msm]] *ERROR* could not allocate memptrs: -22\n msm_dpu 5e01000.display-controller: failed to load adreno gpu\n platform a400000.remoteproc:glink-edge:apr:service@7:dais: Adding to iommu group 19\n msm_dpu 5e01000.display-controller: failed to bind 5900000.gpu (ops a3xx_ops [msm]): -22\n msm_dpu 5e01000.display-controller: adev bind failed: -22\n lt9611uxc 0-002b: failed to attach dsi to host\n lt9611uxc 0-002b: probe with driver lt9611uxc failed with error -22",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39739",
"url": "https://www.suse.com/security/cve/CVE-2025-39739"
},
{
"category": "external",
"summary": "SUSE Bug 1249542 for CVE-2025-39739",
"url": "https://bugzilla.suse.com/1249542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39739"
},
{
"cve": "CVE-2025-39742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()\n\nThe function divides number of online CPUs by num_core_siblings, and\nlater checks the divider by zero. This implies a possibility to get\nand divide-by-zero runtime error. Fix it by moving the check prior to\ndivision. This also helps to save one indentation level.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39742",
"url": "https://www.suse.com/security/cve/CVE-2025-39742"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1249479 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1249479"
},
{
"category": "external",
"summary": "SUSE Bug 1249480 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1249480"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-39742",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39742"
},
{
"cve": "CVE-2025-39743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: truncate good inode pages when hard link is 0\n\nThe fileset value of the inode copy from the disk by the reproducer is\nAGGR_RESERVED_I. When executing evict, its hard link number is 0, so its\ninode pages are not truncated. This causes the bugon to be triggered when\nexecuting clear_inode() because nrpages is greater than 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39743",
"url": "https://www.suse.com/security/cve/CVE-2025-39743"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39743",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1249489 for CVE-2025-39743",
"url": "https://bugzilla.suse.com/1249489"
},
{
"category": "external",
"summary": "SUSE Bug 1249491 for CVE-2025-39743",
"url": "https://bugzilla.suse.com/1249491"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39743"
},
{
"cve": "CVE-2025-39750",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39750"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Correct tid cleanup when tid setup fails\n\nCurrently, if any error occurs during ath12k_dp_rx_peer_tid_setup(),\nthe tid value is already incremented, even though the corresponding\nTID is not actually allocated. Proceed to\nath12k_dp_rx_peer_tid_delete() starting from unallocated tid,\nwhich might leads to freeing unallocated TID and cause potential\ncrash or out-of-bounds access.\n\nHence, fix by correctly decrementing tid before cleanup to match only\nthe successfully allocated TIDs.\n\nAlso, remove tid-- from failure case of ath12k_dp_rx_peer_frag_setup(),\nas decrementing the tid before cleanup in loop will take care of this.\n\nCompile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39750",
"url": "https://www.suse.com/security/cve/CVE-2025-39750"
},
{
"category": "external",
"summary": "SUSE Bug 1249523 for CVE-2025-39750",
"url": "https://bugzilla.suse.com/1249523"
},
{
"category": "external",
"summary": "SUSE Bug 1252715 for CVE-2025-39750",
"url": "https://bugzilla.suse.com/1252715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39750"
},
{
"cve": "CVE-2025-39751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39751"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39751",
"url": "https://www.suse.com/security/cve/CVE-2025-39751"
},
{
"category": "external",
"summary": "SUSE Bug 1249538 for CVE-2025-39751",
"url": "https://bugzilla.suse.com/1249538"
},
{
"category": "external",
"summary": "SUSE Bug 1249539 for CVE-2025-39751",
"url": "https://bugzilla.suse.com/1249539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39751"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39757"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 cluster segment descriptors\n\nUAC3 class segment descriptors need to be verified whether their sizes\nmatch with the declared lengths and whether they fit with the\nallocated buffer sizes, too. Otherwise malicious firmware may lead to\nthe unexpected OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39757",
"url": "https://www.suse.com/security/cve/CVE-2025-39757"
},
{
"category": "external",
"summary": "SUSE Bug 1249515 for CVE-2025-39757",
"url": "https://bugzilla.suse.com/1249515"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39757"
},
{
"cve": "CVE-2025-39758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages\n\nEver since commit c2ff29e99a76 (\"siw: Inline do_tcp_sendpages()\"),\nwe have been doing this:\n\nstatic int siw_tcp_sendpages(struct socket *s, struct page **page, int offset,\n size_t size)\n[...]\n /* Calculate the number of bytes we need to push, for this page\n * specifically */\n size_t bytes = min_t(size_t, PAGE_SIZE - offset, size);\n /* If we can\u0027t splice it, then copy it in, as normal */\n if (!sendpage_ok(page[i]))\n msg.msg_flags \u0026= ~MSG_SPLICE_PAGES;\n /* Set the bvec pointing to the page, with len $bytes */\n bvec_set_page(\u0026bvec, page[i], bytes, offset);\n /* Set the iter to $size, aka the size of the whole sendpages (!!!) */\n iov_iter_bvec(\u0026msg.msg_iter, ITER_SOURCE, \u0026bvec, 1, size);\ntry_page_again:\n lock_sock(sk);\n /* Sendmsg with $size size (!!!) */\n rv = tcp_sendmsg_locked(sk, \u0026msg, size);\n\nThis means we\u0027ve been sending oversized iov_iters and tcp_sendmsg calls\nfor a while. This has a been a benign bug because sendpage_ok() always\nreturned true. With the recent slab allocator changes being slowly\nintroduced into next (that disallow sendpage on large kmalloc\nallocations), we have recently hit out-of-bounds crashes, due to slight\ndifferences in iov_iter behavior between the MSG_SPLICE_PAGES and\n\"regular\" copy paths:\n\n(MSG_SPLICE_PAGES)\nskb_splice_from_iter\n iov_iter_extract_pages\n iov_iter_extract_bvec_pages\n uses i-\u003enr_segs to correctly stop in its tracks before OoB\u0027ing everywhere\n skb_splice_from_iter gets a \"short\" read\n\n(!MSG_SPLICE_PAGES)\nskb_copy_to_page_nocache copy=iov_iter_count\n [...]\n copy_from_iter\n /* this doesn\u0027t help */\n if (unlikely(iter-\u003ecount \u003c len))\n len = iter-\u003ecount;\n iterate_bvec\n ... and we run off the bvecs\n\nFix this by properly setting the iov_iter\u0027s byte count, plus sending the\ncorrect byte count to tcp_sendmsg_locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39758",
"url": "https://www.suse.com/security/cve/CVE-2025-39758"
},
{
"category": "external",
"summary": "SUSE Bug 1249490 for CVE-2025-39758",
"url": "https://bugzilla.suse.com/1249490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39758"
},
{
"cve": "CVE-2025-39759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: qgroup: fix race between quota disable and quota rescan ioctl\n\nThere\u0027s a race between a task disabling quotas and another running the\nrescan ioctl that can result in a use-after-free of qgroup records from\nthe fs_info-\u003eqgroup_tree rbtree.\n\nThis happens as follows:\n\n1) Task A enters btrfs_ioctl_quota_rescan() -\u003e btrfs_qgroup_rescan();\n\n2) Task B enters btrfs_quota_disable() and calls\n btrfs_qgroup_wait_for_completion(), which does nothing because at that\n point fs_info-\u003eqgroup_rescan_running is false (it wasn\u0027t set yet by\n task A);\n\n3) Task B calls btrfs_free_qgroup_config() which starts freeing qgroups\n from fs_info-\u003eqgroup_tree without taking the lock fs_info-\u003eqgroup_lock;\n\n4) Task A enters qgroup_rescan_zero_tracking() which starts iterating\n the fs_info-\u003eqgroup_tree tree while holding fs_info-\u003eqgroup_lock,\n but task B is freeing qgroup records from that tree without holding\n the lock, resulting in a use-after-free.\n\nFix this by taking fs_info-\u003eqgroup_lock at btrfs_free_qgroup_config().\nAlso at btrfs_qgroup_rescan() don\u0027t start the rescan worker if quotas\nwere already disabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39759",
"url": "https://www.suse.com/security/cve/CVE-2025-39759"
},
{
"category": "external",
"summary": "SUSE Bug 1249522 for CVE-2025-39759",
"url": "https://bugzilla.suse.com/1249522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39759"
},
{
"cve": "CVE-2025-39760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: core: config: Prevent OOB read in SS endpoint companion parsing\n\nusb_parse_ss_endpoint_companion() checks descriptor type before length,\nenabling a potentially odd read outside of the buffer size.\n\nFix this up by checking the size first before looking at any of the\nfields in the descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39760",
"url": "https://www.suse.com/security/cve/CVE-2025-39760"
},
{
"category": "external",
"summary": "SUSE Bug 1249598 for CVE-2025-39760",
"url": "https://bugzilla.suse.com/1249598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39760"
},
{
"cve": "CVE-2025-39761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Decrement TID on RX peer frag setup error handling\n\nCurrently, TID is not decremented before peer cleanup, during error\nhandling path of ath12k_dp_rx_peer_frag_setup(). This could lead to\nout-of-bounds access in peer-\u003erx_tid[].\n\nHence, add a decrement operation for TID, before peer cleanup to\nensures proper cleanup and prevents out-of-bounds access issues when\nthe RX peer frag setup fails.\n\nFound during code review. Compile tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39761",
"url": "https://www.suse.com/security/cve/CVE-2025-39761"
},
{
"category": "external",
"summary": "SUSE Bug 1249554 for CVE-2025-39761",
"url": "https://bugzilla.suse.com/1249554"
},
{
"category": "external",
"summary": "SUSE Bug 1249555 for CVE-2025-39761",
"url": "https://bugzilla.suse.com/1249555"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39761"
},
{
"cve": "CVE-2025-39763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered\n\nIf a synchronous error is detected as a result of user-space process\ntriggering a 2-bit uncorrected error, the CPU will take a synchronous\nerror exception such as Synchronous External Abort (SEA) on Arm64. The\nkernel will queue a memory_failure() work which poisons the related\npage, unmaps the page, and then sends a SIGBUS to the process, so that\na system wide panic can be avoided.\n\nHowever, no memory_failure() work will be queued when abnormal\nsynchronous errors occur. These errors can include situations like\ninvalid PA, unexpected severity, no memory failure config support,\ninvalid GUID section, etc. In such a case, the user-space process will\ntrigger SEA again. This loop can potentially exceed the platform\nfirmware threshold or even trigger a kernel hard lockup, leading to a\nsystem reboot.\n\nFix it by performing a force kill if no memory_failure() work is queued\nfor synchronous errors.\n\n[ rjw: Changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39763",
"url": "https://www.suse.com/security/cve/CVE-2025-39763"
},
{
"category": "external",
"summary": "SUSE Bug 1249615 for CVE-2025-39763",
"url": "https://bugzilla.suse.com/1249615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39763"
},
{
"cve": "CVE-2025-39772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39772"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/hisilicon/hibmc: fix the hibmc loaded failed bug\n\nWhen hibmc loaded failed, the driver use hibmc_unload to free the\nresource, but the mutexes in mode.config are not init, which will\naccess an NULL pointer. Just change goto statement to return, because\nhibnc_hw_init() doesn\u0027t need to free anything.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39772",
"url": "https://www.suse.com/security/cve/CVE-2025-39772"
},
{
"category": "external",
"summary": "SUSE Bug 1249506 for CVE-2025-39772",
"url": "https://bugzilla.suse.com/1249506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39772"
},
{
"cve": "CVE-2025-39783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39783"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix configfs group list head handling\n\nDoing a list_del() on the epf_group field of struct pci_epf_driver in\npci_epf_remove_cfs() is not correct as this field is a list head, not\na list entry. This list_del() call triggers a KASAN warning when an\nendpoint function driver which has a configfs attribute group is torn\ndown:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in pci_epf_remove_cfs+0x17c/0x198\nWrite of size 8 at addr ffff00010f4a0d80 by task rmmod/319\n\nCPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE\nHardware name: Radxa ROCK 5B (DT)\nCall trace:\nshow_stack+0x2c/0x84 (C)\ndump_stack_lvl+0x70/0x98\nprint_report+0x17c/0x538\nkasan_report+0xb8/0x190\n__asan_report_store8_noabort+0x20/0x2c\npci_epf_remove_cfs+0x17c/0x198\npci_epf_unregister_driver+0x18/0x30\nnvmet_pci_epf_cleanup_module+0x24/0x30 [nvmet_pci_epf]\n__arm64_sys_delete_module+0x264/0x424\ninvoke_syscall+0x70/0x260\nel0_svc_common.constprop.0+0xac/0x230\ndo_el0_svc+0x40/0x58\nel0_svc+0x48/0xdc\nel0t_64_sync_handler+0x10c/0x138\nel0t_64_sync+0x198/0x19c\n...\n\nRemove this incorrect list_del() call from pci_epf_remove_cfs().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39783",
"url": "https://www.suse.com/security/cve/CVE-2025-39783"
},
{
"category": "external",
"summary": "SUSE Bug 1249486 for CVE-2025-39783",
"url": "https://bugzilla.suse.com/1249486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39783"
},
{
"cve": "CVE-2025-39790",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39790"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Detect events pointing to unexpected TREs\n\nWhen a remote device sends a completion event to the host, it contains a\npointer to the consumed TRE. The host uses this pointer to process all of\nthe TREs between it and the host\u0027s local copy of the ring\u0027s read pointer.\nThis works when processing completion for chained transactions, but can\nlead to nasty results if the device sends an event for a single-element\ntransaction with a read pointer that is multiple elements ahead of the\nhost\u0027s read pointer.\n\nFor instance, if the host accesses an event ring while the device is\nupdating it, the pointer inside of the event might still point to an old\nTRE. If the host uses the channel\u0027s xfer_cb() to directly free the buffer\npointed to by the TRE, the buffer will be double-freed.\n\nThis behavior was observed on an ep that used upstream EP stack without\n\u0027commit 6f18d174b73d (\"bus: mhi: ep: Update read pointer only after buffer\nis written\")\u0027. Where the device updated the events ring pointer before\nupdating the event contents, so it left a window where the host was able to\naccess the stale data the event pointed to, before the device had the\nchance to update them. The usual pattern was that the host received an\nevent pointing to a TRE that is not immediately after the last processed\none, so it got treated as if it was a chained transaction, processing all\nof the TREs in between the two read pointers.\n\nThis commit aims to harden the host by ensuring transactions where the\nevent points to a TRE that isn\u0027t local_rp + 1 are chained.\n\n[mani: added stable tag and reworded commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39790",
"url": "https://www.suse.com/security/cve/CVE-2025-39790"
},
{
"category": "external",
"summary": "SUSE Bug 1249548 for CVE-2025-39790",
"url": "https://bugzilla.suse.com/1249548"
},
{
"category": "external",
"summary": "SUSE Bug 1249549 for CVE-2025-39790",
"url": "https://bugzilla.suse.com/1249549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39790"
},
{
"cve": "CVE-2025-39794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: tegra: Use I/O memcpy to write to IRAM\n\nKasan crashes the kernel trying to check boundaries when using the\nnormal memcpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39794",
"url": "https://www.suse.com/security/cve/CVE-2025-39794"
},
{
"category": "external",
"summary": "SUSE Bug 1249595 for CVE-2025-39794",
"url": "https://bugzilla.suse.com/1249595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39794"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39798",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39798"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix the setting of capabilities when automounting a new filesystem\n\nCapabilities cannot be inherited when we cross into a new filesystem.\nThey need to be reset to the minimal defaults, and then probed for\nagain.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39798",
"url": "https://www.suse.com/security/cve/CVE-2025-39798"
},
{
"category": "external",
"summary": "SUSE Bug 1249774 for CVE-2025-39798",
"url": "https://bugzilla.suse.com/1249774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39798"
},
{
"cve": "CVE-2025-39800",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39800"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: abort transaction on unexpected eb generation at btrfs_copy_root()\n\nIf we find an unexpected generation for the extent buffer we are cloning\nat btrfs_copy_root(), we just WARN_ON() and don\u0027t error out and abort the\ntransaction, meaning we allow to persist metadata with an unexpected\ngeneration. Instead of warning only, abort the transaction and return\n-EUCLEAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39800",
"url": "https://www.suse.com/security/cve/CVE-2025-39800"
},
{
"category": "external",
"summary": "SUSE Bug 1250177 for CVE-2025-39800",
"url": "https://bugzilla.suse.com/1250177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39800"
},
{
"cve": "CVE-2025-39801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39801"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: Remove WARN_ON for device endpoint command timeouts\n\nThis commit addresses a rarely observed endpoint command timeout\nwhich causes kernel panic due to warn when \u0027panic_on_warn\u0027 is enabled\nand unnecessary call trace prints when \u0027panic_on_warn\u0027 is disabled.\nIt is seen during fast software-controlled connect/disconnect testcases.\nThe following is one such endpoint command timeout that we observed:\n\n1. Connect\n =======\n-\u003edwc3_thread_interrupt\n -\u003edwc3_ep0_interrupt\n -\u003econfigfs_composite_setup\n -\u003ecomposite_setup\n -\u003eusb_ep_queue\n -\u003edwc3_gadget_ep0_queue\n -\u003e__dwc3_gadget_ep0_queue\n -\u003e__dwc3_ep0_do_control_data\n -\u003edwc3_send_gadget_ep_cmd\n\n2. Disconnect\n ==========\n-\u003edwc3_thread_interrupt\n -\u003edwc3_gadget_disconnect_interrupt\n -\u003edwc3_ep0_reset_state\n -\u003edwc3_ep0_end_control_data\n -\u003edwc3_send_gadget_ep_cmd\n\nIn the issue scenario, in Exynos platforms, we observed that control\ntransfers for the previous connect have not yet been completed and end\ntransfer command sent as a part of the disconnect sequence and\nprocessing of USB_ENDPOINT_HALT feature request from the host timeout.\nThis maybe an expected scenario since the controller is processing EP\ncommands sent as a part of the previous connect. It maybe better to\nremove WARN_ON in all places where device endpoint commands are sent to\navoid unnecessary kernel panic due to warn.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39801",
"url": "https://www.suse.com/security/cve/CVE-2025-39801"
},
{
"category": "external",
"summary": "SUSE Bug 1250450 for CVE-2025-39801",
"url": "https://bugzilla.suse.com/1250450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39801"
},
{
"cve": "CVE-2025-39806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39806"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: multitouch: fix slab out-of-bounds access in mt_report_fixup()\n\nA malicious HID device can trigger a slab out-of-bounds during\nmt_report_fixup() by passing in report descriptor smaller than\n607 bytes. mt_report_fixup() attempts to patch byte offset 607\nof the descriptor with 0x25 by first checking if byte offset\n607 is 0x15 however it lacks bounds checks to verify if the\ndescriptor is big enough before conducting this check. Fix\nthis bug by ensuring the descriptor size is at least 608\nbytes before accessing it.\n\nBelow is the KASAN splat after the out of bounds access happens:\n\n[ 13.671954] ==================================================================\n[ 13.672667] BUG: KASAN: slab-out-of-bounds in mt_report_fixup+0x103/0x110\n[ 13.673297] Read of size 1 at addr ffff888103df39df by task kworker/0:1/10\n[ 13.673297]\n[ 13.673297] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0-00005-gec5d573d83f4-dirty #3\n[ 13.673297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/04\n[ 13.673297] Call Trace:\n[ 13.673297] \u003cTASK\u003e\n[ 13.673297] dump_stack_lvl+0x5f/0x80\n[ 13.673297] print_report+0xd1/0x660\n[ 13.673297] kasan_report+0xe5/0x120\n[ 13.673297] __asan_report_load1_noabort+0x18/0x20\n[ 13.673297] mt_report_fixup+0x103/0x110\n[ 13.673297] hid_open_report+0x1ef/0x810\n[ 13.673297] mt_probe+0x422/0x960\n[ 13.673297] hid_device_probe+0x2e2/0x6f0\n[ 13.673297] really_probe+0x1c6/0x6b0\n[ 13.673297] __driver_probe_device+0x24f/0x310\n[ 13.673297] driver_probe_device+0x4e/0x220\n[ 13.673297] __device_attach_driver+0x169/0x320\n[ 13.673297] bus_for_each_drv+0x11d/0x1b0\n[ 13.673297] __device_attach+0x1b8/0x3e0\n[ 13.673297] device_initial_probe+0x12/0x20\n[ 13.673297] bus_probe_device+0x13d/0x180\n[ 13.673297] device_add+0xe3a/0x1670\n[ 13.673297] hid_add_device+0x31d/0xa40\n[...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39806",
"url": "https://www.suse.com/security/cve/CVE-2025-39806"
},
{
"category": "external",
"summary": "SUSE Bug 1249888 for CVE-2025-39806",
"url": "https://bugzilla.suse.com/1249888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39806"
},
{
"cve": "CVE-2025-39808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39808"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()\n\nin ntrig_report_version(), hdev parameter passed from hid_probe().\nsending descriptor to /dev/uhid can make hdev-\u003edev.parent-\u003eparent to null\nif hdev-\u003edev.parent-\u003eparent is null, usb_dev has\ninvalid address(0xffffffffffffff58) that hid_to_usb_dev(hdev) returned\nwhen usb_rcvctrlpipe() use usb_dev,it trigger\npage fault error for address(0xffffffffffffff58)\n\nadd null check logic to ntrig_report_version()\nbefore calling hid_to_usb_dev()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39808",
"url": "https://www.suse.com/security/cve/CVE-2025-39808"
},
{
"category": "external",
"summary": "SUSE Bug 1250088 for CVE-2025-39808",
"url": "https://bugzilla.suse.com/1250088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39808"
},
{
"cve": "CVE-2025-39810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix memory corruption when FW resources change during ifdown\n\nbnxt_set_dflt_rings() assumes that it is always called before any TC has\nbeen created. So it doesn\u0027t take bp-\u003enum_tc into account and assumes\nthat it is always 0 or 1.\n\nIn the FW resource or capability change scenario, the FW will return\nflags in bnxt_hwrm_if_change() that will cause the driver to\nreinitialize and call bnxt_cancel_reservations(). This will lead to\nbnxt_init_dflt_ring_mode() calling bnxt_set_dflt_rings() and bp-\u003enum_tc\nmay be greater than 1. This will cause bp-\u003etx_ring[] to be sized too\nsmall and cause memory corruption in bnxt_alloc_cp_rings().\n\nFix it by properly scaling the TX rings by bp-\u003enum_tc in the code\npaths mentioned above. Add 2 helper functions to determine\nbp-\u003etx_nr_rings and bp-\u003etx_nr_rings_per_tc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39810",
"url": "https://www.suse.com/security/cve/CVE-2025-39810"
},
{
"category": "external",
"summary": "SUSE Bug 1249975 for CVE-2025-39810",
"url": "https://bugzilla.suse.com/1249975"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39810"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: asus: fix UAF via HID_CLAIMED_INPUT validation\n\nAfter hid_hw_start() is called hidinput_connect() will eventually be\ncalled to set up the device with the input layer since the\nHID_CONNECT_DEFAULT connect mask is used. During hidinput_connect()\nall input and output reports are processed and corresponding hid_inputs\nare allocated and configured via hidinput_configure_usages(). This\nprocess involves slot tagging report fields and configuring usages\nby setting relevant bits in the capability bitmaps. However it is possible\nthat the capability bitmaps are not set at all leading to the subsequent\nhidinput_has_been_populated() check to fail leading to the freeing of the\nhid_input and the underlying input device.\n\nThis becomes problematic because a malicious HID device like a\nASUS ROG N-Key keyboard can trigger the above scenario via a\nspecially crafted descriptor which then leads to a user-after-free\nwhen the name of the freed input device is written to later on after\nhid_hw_start(). Below, report 93 intentionally utilises the\nHID_UP_UNDEFINED Usage Page which is skipped during usage\nconfiguration, leading to the frees.\n\n0x05, 0x0D, // Usage Page (Digitizer)\n0x09, 0x05, // Usage (Touch Pad)\n0xA1, 0x01, // Collection (Application)\n0x85, 0x0D, // Report ID (13)\n0x06, 0x00, 0xFF, // Usage Page (Vendor Defined 0xFF00)\n0x09, 0xC5, // Usage (0xC5)\n0x15, 0x00, // Logical Minimum (0)\n0x26, 0xFF, 0x00, // Logical Maximum (255)\n0x75, 0x08, // Report Size (8)\n0x95, 0x04, // Report Count (4)\n0xB1, 0x02, // Feature (Data,Var,Abs)\n0x85, 0x5D, // Report ID (93)\n0x06, 0x00, 0x00, // Usage Page (Undefined)\n0x09, 0x01, // Usage (0x01)\n0x15, 0x00, // Logical Minimum (0)\n0x26, 0xFF, 0x00, // Logical Maximum (255)\n0x75, 0x08, // Report Size (8)\n0x95, 0x1B, // Report Count (27)\n0x81, 0x02, // Input (Data,Var,Abs)\n0xC0, // End Collection\n\nBelow is the KASAN splat after triggering the UAF:\n\n[ 21.672709] ==================================================================\n[ 21.673700] BUG: KASAN: slab-use-after-free in asus_probe+0xeeb/0xf80\n[ 21.673700] Write of size 8 at addr ffff88810a0ac000 by task kworker/1:2/54\n[ 21.673700]\n[ 21.673700] CPU: 1 UID: 0 PID: 54 Comm: kworker/1:2 Not tainted 6.16.0-rc4-g9773391cf4dd-dirty #36 PREEMPT(voluntary)\n[ 21.673700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\n[ 21.673700] Call Trace:\n[ 21.673700] \u003cTASK\u003e\n[ 21.673700] dump_stack_lvl+0x5f/0x80\n[ 21.673700] print_report+0xd1/0x660\n[ 21.673700] kasan_report+0xe5/0x120\n[ 21.673700] __asan_report_store8_noabort+0x1b/0x30\n[ 21.673700] asus_probe+0xeeb/0xf80\n[ 21.673700] hid_device_probe+0x2ee/0x700\n[ 21.673700] really_probe+0x1c6/0x6b0\n[ 21.673700] __driver_probe_device+0x24f/0x310\n[ 21.673700] driver_probe_device+0x4e/0x220\n[...]\n[ 21.673700]\n[ 21.673700] Allocated by task 54:\n[ 21.673700] kasan_save_stack+0x3d/0x60\n[ 21.673700] kasan_save_track+0x18/0x40\n[ 21.673700] kasan_save_alloc_info+0x3b/0x50\n[ 21.673700] __kasan_kmalloc+0x9c/0xa0\n[ 21.673700] __kmalloc_cache_noprof+0x139/0x340\n[ 21.673700] input_allocate_device+0x44/0x370\n[ 21.673700] hidinput_connect+0xcb6/0x2630\n[ 21.673700] hid_connect+0xf74/0x1d60\n[ 21.673700] hid_hw_start+0x8c/0x110\n[ 21.673700] asus_probe+0x5a3/0xf80\n[ 21.673700] hid_device_probe+0x2ee/0x700\n[ 21.673700] really_probe+0x1c6/0x6b0\n[ 21.673700] __driver_probe_device+0x24f/0x310\n[ 21.673700] driver_probe_device+0x4e/0x220\n[...]\n[ 21.673700]\n[ 21.673700] Freed by task 54:\n[ 21.673700] kasan_save_stack+0x3d/0x60\n[ 21.673700] kasan_save_track+0x18/0x40\n[ 21.673700] kasan_save_free_info+0x3f/0x60\n[ 21.673700] __kasan_slab_free+0x3c/0x50\n[ 21.673700] kfre\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39824",
"url": "https://www.suse.com/security/cve/CVE-2025-39824"
},
{
"category": "external",
"summary": "SUSE Bug 1250007 for CVE-2025-39824",
"url": "https://bugzilla.suse.com/1250007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39824"
},
{
"cve": "CVE-2025-39826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39826"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: convert \u0027use\u0027 field to refcount_t\n\nThe \u0027use\u0027 field in struct rose_neigh is used as a reference counter but\nlacks atomicity. This can lead to race conditions where a rose_neigh\nstructure is freed while still being referenced by other code paths.\n\nFor example, when rose_neigh-\u003euse becomes zero during an ioctl operation\nvia rose_rt_ioctl(), the structure may be removed while its timer is\nstill active, potentially causing use-after-free issues.\n\nThis patch changes the type of \u0027use\u0027 from unsigned short to refcount_t and\nupdates all code paths to use rose_neigh_hold() and rose_neigh_put() which\noperate reference counts atomically.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39826",
"url": "https://www.suse.com/security/cve/CVE-2025-39826"
},
{
"category": "external",
"summary": "SUSE Bug 1250203 for CVE-2025-39826",
"url": "https://bugzilla.suse.com/1250203"
},
{
"category": "external",
"summary": "SUSE Bug 1252713 for CVE-2025-39826",
"url": "https://bugzilla.suse.com/1252713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39826"
},
{
"cve": "CVE-2025-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39827"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rose: include node references in rose_neigh refcount\n\nCurrent implementation maintains two separate reference counting\nmechanisms: the \u0027count\u0027 field in struct rose_neigh tracks references from\nrose_node structures, while the \u0027use\u0027 field (now refcount_t) tracks\nreferences from rose_sock.\n\nThis patch merges these two reference counting systems using \u0027use\u0027 field\nfor proper reference management. Specifically, this patch adds incrementing\nand decrementing of rose_neigh-\u003euse when rose_neigh-\u003ecount is incremented\nor decremented.\n\nThis patch also modifies rose_rt_free(), rose_rt_device_down() and\nrose_clear_route() to properly release references to rose_neigh objects\nbefore freeing a rose_node through rose_remove_node().\n\nThese changes ensure rose_neigh structures are properly freed only when\nall references, including those from rose_node structures, are released.\nAs a result, this resolves a slab-use-after-free issue reported by Syzbot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39827",
"url": "https://www.suse.com/security/cve/CVE-2025-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1250204 for CVE-2025-39827",
"url": "https://bugzilla.suse.com/1250204"
},
{
"category": "external",
"summary": "SUSE Bug 1252714 for CVE-2025-39827",
"url": "https://bugzilla.suse.com/1252714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39827"
},
{
"cve": "CVE-2025-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n\nsyzbot reported the splat below. [0]\n\nWhen atmtcp_v_open() or atmtcp_v_close() is called via connect()\nor close(), atmtcp_send_control() is called to send an in-kernel\nspecial message.\n\nThe message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length.\nAlso, a pointer of struct atm_vcc is set to atmtcp_control.vcc.\n\nThe notable thing is struct atmtcp_control is uAPI but has a\nspace for an in-kernel pointer.\n\n struct atmtcp_control {\n \tstruct atmtcp_hdr hdr;\t/* must be first */\n ...\n \tatm_kptr_t vcc;\t\t/* both directions */\n ...\n } __ATM_API_ALIGN;\n\n typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;\n\nThe special message is processed in atmtcp_recv_control() called\nfrom atmtcp_c_send().\n\natmtcp_c_send() is vcc-\u003edev-\u003eops-\u003esend() and called from 2 paths:\n\n 1. .ndo_start_xmit() (vcc-\u003esend() == atm_send_aal0())\n 2. vcc_sendmsg()\n\nThe problem is sendmsg() does not validate the message length and\nuserspace can abuse atmtcp_recv_control() to overwrite any kptr\nby atmtcp_control.\n\nLet\u0027s add a new -\u003epre_send() hook to validate messages from sendmsg().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc00200000ab: 0000 [#1] SMP KASAN PTI\nKASAN: probably user-memory-access in range [0x0000000100000558-0x000000010000055f]\nCPU: 0 UID: 0 PID: 5865 Comm: syz-executor331 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:atmtcp_recv_control drivers/atm/atmtcp.c:93 [inline]\nRIP: 0010:atmtcp_c_send+0x1da/0x950 drivers/atm/atmtcp.c:297\nCode: 4d 8d 75 1a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 15 06 00 00 41 0f b7 1e 4d 8d b7 60 05 00 00 4c 89 f0 48 c1 e8 03 \u003c42\u003e 0f b6 04 20 84 c0 0f 85 13 06 00 00 66 41 89 1e 4d 8d 75 1c 4c\nRSP: 0018:ffffc90003f5f810 EFLAGS: 00010203\nRAX: 00000000200000ab RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802a510000 RSI: 00000000ffffffff RDI: ffff888030a6068c\nRBP: ffff88802699fb40 R08: ffff888030a606eb R09: 1ffff1100614c0dd\nR10: dffffc0000000000 R11: ffffffff8718fc40 R12: dffffc0000000000\nR13: ffff888030a60680 R14: 000000010000055f R15: 00000000ffffffff\nFS: 00007f8d7e9236c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000045ad50 CR3: 0000000075bde000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc60 net/atm/common.c:645\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n ____sys_sendmsg+0x505/0x830 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f8d7e96a4a9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f8d7e923198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f8d7e9f4308 RCX: 00007f8d7e96a4a9\nRDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005\nRBP: 00007f8d7e9f4300 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f8d7e9c10ac\nR13: 00007f8d7e9231a0 R14: 0000200000000200 R15: 0000200000000250\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39828",
"url": "https://www.suse.com/security/cve/CVE-2025-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1250205 for CVE-2025-39828",
"url": "https://bugzilla.suse.com/1250205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39828"
},
{
"cve": "CVE-2025-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39832"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix lockdep assertion on sync reset unload event\n\nFix lockdep assertion triggered during sync reset unload event. When the\nsync reset flow is initiated using the devlink reload fw_activate\noption, the PF already holds the devlink lock while handling unload\nevent. In this case, delegate sync reset unload event handling back to\nthe devlink callback process to avoid double-locking and resolve the\nlockdep warning.\n\nKernel log:\nWARNING: CPU: 9 PID: 1578 at devl_assert_locked+0x31/0x40\n[...]\nCall Trace:\n\u003cTASK\u003e\n mlx5_unload_one_devl_locked+0x2c/0xc0 [mlx5_core]\n mlx5_sync_reset_unload_event+0xaf/0x2f0 [mlx5_core]\n process_one_work+0x222/0x640\n worker_thread+0x199/0x350\n kthread+0x10b/0x230\n ? __pfx_worker_thread+0x10/0x10\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x8e/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n\u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39832",
"url": "https://www.suse.com/security/cve/CVE-2025-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1249901 for CVE-2025-39832",
"url": "https://bugzilla.suse.com/1249901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39832"
},
{
"cve": "CVE-2025-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39833"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: hfcpci: Fix warning when deleting uninitialized timer\n\nWith CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads\nto the following splat:\n\n[ 250.215892] ODEBUG: assert_init not available (active state 0) object: ffffffffc01a3dc0 object type: timer_list hint: 0x0\n[ 250.217520] WARNING: CPU: 0 PID: 233 at lib/debugobjects.c:612 debug_print_object+0x1b6/0x2c0\n[ 250.218775] Modules linked in: hfcpci(-) mISDN_core\n[ 250.219537] CPU: 0 UID: 0 PID: 233 Comm: rmmod Not tainted 6.17.0-rc2-g6f713187ac98 #2 PREEMPT(voluntary)\n[ 250.220940] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 250.222377] RIP: 0010:debug_print_object+0x1b6/0x2c0\n[ 250.223131] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 4f 41 56 48 8b 14 dd a0 4e 01 9f 48 89 ee 48 c7 c7 20 46 01 9f e8 cb 84d\n[ 250.225805] RSP: 0018:ffff888015ea7c08 EFLAGS: 00010286\n[ 250.226608] RAX: 0000000000000000 RBX: 0000000000000005 RCX: ffffffff9be93a95\n[ 250.227708] RDX: 1ffff1100d945138 RSI: 0000000000000008 RDI: ffff88806ca289c0\n[ 250.228993] RBP: ffffffff9f014a00 R08: 0000000000000001 R09: ffffed1002bd4f39\n[ 250.230043] R10: ffff888015ea79cf R11: 0000000000000001 R12: 0000000000000001\n[ 250.231185] R13: ffffffff9eea0520 R14: 0000000000000000 R15: ffff888015ea7cc8\n[ 250.232454] FS: 00007f3208f01540(0000) GS:ffff8880caf5a000(0000) knlGS:0000000000000000\n[ 250.233851] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 250.234856] CR2: 00007f32090a7421 CR3: 0000000004d63000 CR4: 00000000000006f0\n[ 250.236117] Call Trace:\n[ 250.236599] \u003cTASK\u003e\n[ 250.236967] ? trace_irq_enable.constprop.0+0xd4/0x130\n[ 250.237920] debug_object_assert_init+0x1f6/0x310\n[ 250.238762] ? __pfx_debug_object_assert_init+0x10/0x10\n[ 250.239658] ? __lock_acquire+0xdea/0x1c70\n[ 250.240369] __try_to_del_timer_sync+0x69/0x140\n[ 250.241172] ? __pfx___try_to_del_timer_sync+0x10/0x10\n[ 250.242058] ? __timer_delete_sync+0xc6/0x120\n[ 250.242842] ? lock_acquire+0x30/0x80\n[ 250.243474] ? __timer_delete_sync+0xc6/0x120\n[ 250.244262] __timer_delete_sync+0x98/0x120\n[ 250.245015] HFC_cleanup+0x10/0x20 [hfcpci]\n[ 250.245704] __do_sys_delete_module+0x348/0x510\n[ 250.246461] ? __pfx___do_sys_delete_module+0x10/0x10\n[ 250.247338] do_syscall_64+0xc1/0x360\n[ 250.247924] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFix this by initializing hfc_tl timer with DEFINE_TIMER macro.\nAlso, use mod_timer instead of manual timeout update.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39833",
"url": "https://www.suse.com/security/cve/CVE-2025-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1250028 for CVE-2025-39833",
"url": "https://bugzilla.suse.com/1250028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39833"
},
{
"cve": "CVE-2025-39839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39839"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix OOB read/write in network-coding decode\n\nbatadv_nc_skb_decode_packet() trusts coded_len and checks only against\nskb-\u003elen. XOR starts at sizeof(struct batadv_unicast_packet), reducing\npayload headroom, and the source skb length is not verified, allowing an\nout-of-bounds read and a small out-of-bounds write.\n\nValidate that coded_len fits within the payload area of both destination\nand source sk_buffs before XORing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39839",
"url": "https://www.suse.com/security/cve/CVE-2025-39839"
},
{
"category": "external",
"summary": "SUSE Bug 1250291 for CVE-2025-39839",
"url": "https://bugzilla.suse.com/1250291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39839"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39844",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39844"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: move page table sync declarations to linux/pgtable.h\n\nDuring our internal testing, we started observing intermittent boot\nfailures when the machine uses 4-level paging and has a large amount of\npersistent memory:\n\n BUG: unable to handle page fault for address: ffffe70000000034\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0 \n Oops: 0002 [#1] SMP NOPTI\n RIP: 0010:__init_single_page+0x9/0x6d\n Call Trace:\n \u003cTASK\u003e\n __init_zone_device_page+0x17/0x5d\n memmap_init_zone_device+0x154/0x1bb\n pagemap_range+0x2e0/0x40f\n memremap_pages+0x10b/0x2f0\n devm_memremap_pages+0x1e/0x60\n dev_dax_probe+0xce/0x2ec [device_dax]\n dax_bus_probe+0x6d/0xc9\n [... snip ...]\n \u003c/TASK\u003e\n\nIt turns out that the kernel panics while initializing vmemmap (struct\npage array) when the vmemmap region spans two PGD entries, because the new\nPGD entry is only installed in init_mm.pgd, but not in the page tables of\nother tasks.\n\nAnd looking at __populate_section_memmap():\n if (vmemmap_can_optimize(altmap, pgmap)) \n // does not sync top level page tables\n r = vmemmap_populate_compound_pages(pfn, start, end, nid, pgmap);\n else \n // sync top level page tables in x86\n r = vmemmap_populate(start, end, nid, altmap);\n\nIn the normal path, vmemmap_populate() in arch/x86/mm/init_64.c\nsynchronizes the top level page table (See commit 9b861528a801 (\"x86-64,\nmem: Update all PGDs for direct mapping and vmemmap mapping changes\")) so\nthat all tasks in the system can see the new vmemmap area.\n\nHowever, when vmemmap_can_optimize() returns true, the optimized path\nskips synchronization of top-level page tables. This is because\nvmemmap_populate_compound_pages() is implemented in core MM code, which\ndoes not handle synchronization of the top-level page tables. Instead,\nthe core MM has historically relied on each architecture to perform this\nsynchronization manually.\n\nWe\u0027re not the first party to encounter a crash caused by not-sync\u0027d top\nlevel page tables: earlier this year, Gwan-gyeong Mun attempted to address\nthe issue [1] [2] after hitting a kernel panic when x86 code accessed the\nvmemmap area before the corresponding top-level entries were synced. At\nthat time, the issue was believed to be triggered only when struct page\nwas enlarged for debugging purposes, and the patch did not get further\nupdates.\n\nIt turns out that current approach of relying on each arch to handle the\npage table sync manually is fragile because 1) it\u0027s easy to forget to sync\nthe top level page table, and 2) it\u0027s also easy to overlook that the\nkernel should not access the vmemmap and direct mapping areas before the\nsync.\n\n# The solution: Make page table sync more code robust and harder to miss\n\nTo address this, Dave Hansen suggested [3] [4] introducing\n{pgd,p4d}_populate_kernel() for updating kernel portion of the page tables\nand allow each architecture to explicitly perform synchronization when\ninstalling top-level entries. With this approach, we no longer need to\nworry about missing the sync step, reducing the risk of future\nregressions.\n\nThe new interface reuses existing ARCH_PAGE_TABLE_SYNC_MASK,\nPGTBL_P*D_MODIFIED and arch_sync_kernel_mappings() facility used by\nvmalloc and ioremap to synchronize page tables.\n\npgd_populate_kernel() looks like this:\nstatic inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd,\n p4d_t *p4d)\n{\n pgd_populate(\u0026init_mm, pgd, p4d);\n if (ARCH_PAGE_TABLE_SYNC_MASK \u0026 PGTBL_PGD_MODIFIED)\n arch_sync_kernel_mappings(addr, addr);\n}\n\nIt is worth noting that vmalloc() and apply_to_range() carefully\nsynchronizes page tables by calling p*d_alloc_track() and\narch_sync_kernel_mappings(), and thus they are not affected by\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39844",
"url": "https://www.suse.com/security/cve/CVE-2025-39844"
},
{
"category": "external",
"summary": "SUSE Bug 1250268 for CVE-2025-39844",
"url": "https://bugzilla.suse.com/1250268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39844"
},
{
"cve": "CVE-2025-39845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39845"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()\n\nDefine ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure\npage tables are properly synchronized when calling p*d_populate_kernel().\n\nFor 5-level paging, synchronization is performed via\npgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so\nsynchronization is instead performed at the P4D level via\np4d_populate_kernel().\n\nThis fixes intermittent boot failures on systems using 4-level paging and\na large amount of persistent memory:\n\n BUG: unable to handle page fault for address: ffffe70000000034\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP NOPTI\n RIP: 0010:__init_single_page+0x9/0x6d\n Call Trace:\n \u003cTASK\u003e\n __init_zone_device_page+0x17/0x5d\n memmap_init_zone_device+0x154/0x1bb\n pagemap_range+0x2e0/0x40f\n memremap_pages+0x10b/0x2f0\n devm_memremap_pages+0x1e/0x60\n dev_dax_probe+0xce/0x2ec [device_dax]\n dax_bus_probe+0x6d/0xc9\n [... snip ...]\n \u003c/TASK\u003e\n\nIt also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap\nbefore sync_global_pgds() [1]:\n\n BUG: unable to handle page fault for address: ffffeb3ff1200000\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI\n Tainted: [W]=WARN\n RIP: 0010:vmemmap_set_pmd+0xff/0x230\n \u003cTASK\u003e\n vmemmap_populate_hugepages+0x176/0x180\n vmemmap_populate+0x34/0x80\n __populate_section_memmap+0x41/0x90\n sparse_add_section+0x121/0x3e0\n __add_pages+0xba/0x150\n add_pages+0x1d/0x70\n memremap_pages+0x3dc/0x810\n devm_memremap_pages+0x1c/0x60\n xe_devm_add+0x8b/0x100 [xe]\n xe_tile_init_noalloc+0x6a/0x70 [xe]\n xe_device_probe+0x48c/0x740 [xe]\n [... snip ...]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39845",
"url": "https://www.suse.com/security/cve/CVE-2025-39845"
},
{
"category": "external",
"summary": "SUSE Bug 1250262 for CVE-2025-39845",
"url": "https://bugzilla.suse.com/1250262"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39845"
},
{
"cve": "CVE-2025-39846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39846"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()\n\nIn __iodyn_find_io_region(), pcmcia_make_resource() is assigned to\nres and used in pci_bus_alloc_resource(). There is a dereference of res\nin pci_bus_alloc_resource(), which could lead to a NULL pointer\ndereference on failure of pcmcia_make_resource().\n\nFix this bug by adding a check of res.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39846",
"url": "https://www.suse.com/security/cve/CVE-2025-39846"
},
{
"category": "external",
"summary": "SUSE Bug 1250263 for CVE-2025-39846",
"url": "https://bugzilla.suse.com/1250263"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39846"
},
{
"cve": "CVE-2025-39847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39847"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix memory leak in pad_compress_skb\n\nIf alloc_skb() fails in pad_compress_skb(), it returns NULL without\nreleasing the old skb. The caller does:\n\n skb = pad_compress_skb(ppp, skb);\n if (!skb)\n goto drop;\n\ndrop:\n kfree_skb(skb);\n\nWhen pad_compress_skb() returns NULL, the reference to the old skb is\nlost and kfree_skb(skb) ends up doing nothing, leading to a memory leak.\n\nAlign pad_compress_skb() semantics with realloc(): only free the old\nskb if allocation and compression succeed. At the call site, use the\nnew_skb variable so the original skb is not lost when pad_compress_skb()\nfails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39847",
"url": "https://www.suse.com/security/cve/CVE-2025-39847"
},
{
"category": "external",
"summary": "SUSE Bug 1250292 for CVE-2025-39847",
"url": "https://bugzilla.suse.com/1250292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39847"
},
{
"cve": "CVE-2025-39848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39848"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nax25: properly unshare skbs in ax25_kiss_rcv()\n\nBernard Pidoux reported a regression apparently caused by commit\nc353e8983e0d (\"net: introduce per netns packet chains\").\n\nskb-\u003edev becomes NULL and we crash in __netif_receive_skb_core().\n\nBefore above commit, different kind of bugs or corruptions could happen\nwithout a major crash.\n\nBut the root cause is that ax25_kiss_rcv() can queue/mangle input skb\nwithout checking if this skb is shared or not.\n\nMany thanks to Bernard Pidoux for his help, diagnosis and tests.\n\nWe had a similar issue years ago fixed with commit 7aaed57c5c28\n(\"phonet: properly unshare skbs in phonet_rcv()\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39848",
"url": "https://www.suse.com/security/cve/CVE-2025-39848"
},
{
"category": "external",
"summary": "SUSE Bug 1250298 for CVE-2025-39848",
"url": "https://bugzilla.suse.com/1250298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39848"
},
{
"cve": "CVE-2025-39849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39849"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()\n\nIf the ssid-\u003edatalen is more than IEEE80211_MAX_SSID_LEN (32) it would\nlead to memory corruption so add some bounds checking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39849",
"url": "https://www.suse.com/security/cve/CVE-2025-39849"
},
{
"category": "external",
"summary": "SUSE Bug 1250266 for CVE-2025-39849",
"url": "https://bugzilla.suse.com/1250266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39849"
},
{
"cve": "CVE-2025-39850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39850"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects\n\nWhen the \"proxy\" option is enabled on a VXLAN device, the device will\nsuppress ARP requests and IPv6 Neighbor Solicitation messages if it is\nable to reply on behalf of the remote host. That is, if a matching and\nvalid neighbor entry is configured on the VXLAN device whose MAC address\nis not behind the \"any\" remote (0.0.0.0 / ::).\n\nThe code currently assumes that the FDB entry for the neighbor\u0027s MAC\naddress points to a valid remote destination, but this is incorrect if\nthe entry is associated with an FDB nexthop group. This can result in a\nNPD [1][3] which can be reproduced using [2][4].\n\nFix by checking that the remote destination exists before dereferencing\nit.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 4 UID: 0 PID: 365 Comm: arping Not tainted 6.17.0-rc2-virtme-g2a89cb21162c #2 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_xmit+0xb58/0x15f0\n[...]\nCall Trace:\n \u003cTASK\u003e\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.2 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 4789 proxy\n\n ip neigh add 192.0.2.3 lladdr 00:11:22:33:44:55 nud perm dev vx0\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10\n\n arping -b -c 1 -s 192.0.2.1 -I vx0 192.0.2.3\n\n[3]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 372 Comm: ndisc6 Not tainted 6.17.0-rc2-virtmne-g6ee90cb26014 #3 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1v996), BIOS 1.17.0-4.fc41 04/01/2x014\nRIP: 0010:vxlan_xmit+0x803/0x1600\n[...]\nCall Trace:\n \u003cTASK\u003e\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n ip6_finish_output2+0x210/0x6c0\n ip6_finish_output+0x1af/0x2b0\n ip6_mr_output+0x92/0x3e0\n ip6_send_skb+0x30/0x90\n rawv6_sendmsg+0xe6e/0x12e0\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\nRIP: 0033:0x7f383422ec77\n\n[4]\n #!/bin/bash\n\n ip address add 2001:db8:1::1/128 dev lo\n\n ip nexthop add id 1 via 2001:db8:1::1 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 2001:db8:1::1 dstport 4789 proxy\n\n ip neigh add 2001:db8:1::3 lladdr 00:11:22:33:44:55 nud perm dev vx0\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static nhid 10\n\n ndisc6 -r 1 -s 2001:db8:1::1 -w 1 2001:db8:1::3 vx0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39850",
"url": "https://www.suse.com/security/cve/CVE-2025-39850"
},
{
"category": "external",
"summary": "SUSE Bug 1250276 for CVE-2025-39850",
"url": "https://bugzilla.suse.com/1250276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39850"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39853"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix potential invalid access when MAC list is empty\n\nlist_first_entry() never returns NULL - if the list is empty, it still\nreturns a pointer to an invalid object, leading to potential invalid\nmemory access when dereferenced.\n\nFix this by using list_first_entry_or_null instead of list_first_entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39853",
"url": "https://www.suse.com/security/cve/CVE-2025-39853"
},
{
"category": "external",
"summary": "SUSE Bug 1250275 for CVE-2025-39853",
"url": "https://bugzilla.suse.com/1250275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39853"
},
{
"cve": "CVE-2025-39854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39854"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix NULL access of tx-\u003ein_use in ice_ll_ts_intr\n\nRecent versions of the E810 firmware have support for an extra interrupt to\nhandle report of the \"low latency\" Tx timestamps coming from the\nspecialized low latency firmware interface. Instead of polling the\nregisters, software can wait until the low latency interrupt is fired.\n\nThis logic makes use of the Tx timestamp tracking structure, ice_ptp_tx, as\nit uses the same \"ready\" bitmap to track which Tx timestamps complete.\n\nUnfortunately, the ice_ll_ts_intr() function does not check if the\ntracker is initialized before its first access. This results in NULL\ndereference or use-after-free bugs similar to the issues fixed in the\nice_ptp_ts_irq() function.\n\nFix this by only checking the in_use bitmap (and other fields) if the\ntracker is marked as initialized. The reset flow will clear the init field\nunder lock before it tears the tracker down, thus preventing any\nuse-after-free or NULL access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39854",
"url": "https://www.suse.com/security/cve/CVE-2025-39854"
},
{
"category": "external",
"summary": "SUSE Bug 1250297 for CVE-2025-39854",
"url": "https://bugzilla.suse.com/1250297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39854"
},
{
"cve": "CVE-2025-39860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39860"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()\n\nsyzbot reported the splat below without a repro.\n\nIn the splat, a single thread calling bt_accept_dequeue() freed sk\nand touched it after that.\n\nThe root cause would be the racy l2cap_sock_cleanup_listen() call\nadded by the cited commit.\n\nbt_accept_dequeue() is called under lock_sock() except for\nl2cap_sock_release().\n\nTwo threads could see the same socket during the list iteration\nin bt_accept_dequeue():\n\n CPU1 CPU2 (close())\n ---- ----\n sock_hold(sk) sock_hold(sk);\n lock_sock(sk) \u003c-- block close()\n sock_put(sk)\n bt_accept_unlink(sk)\n sock_put(sk) \u003c-- refcnt by bt_accept_enqueue()\n release_sock(sk)\n lock_sock(sk)\n sock_put(sk)\n bt_accept_unlink(sk)\n sock_put(sk) \u003c-- last refcnt\n bt_accept_unlink(sk) \u003c-- UAF\n\nDepending on the timing, the other thread could show up in the\n\"Freed by task\" part.\n\nLet\u0027s call l2cap_sock_cleanup_listen() under lock_sock() in\nl2cap_sock_release().\n\n[0]:\nBUG: KASAN: slab-use-after-free in debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]\nBUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115\nRead of size 4 at addr ffff88803b7eb1c4 by task syz.5.3276/16995\nCPU: 3 UID: 0 PID: 16995 Comm: syz.5.3276 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xcd/0x630 mm/kasan/report.c:482\n kasan_report+0xe0/0x110 mm/kasan/report.c:595\n debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline]\n do_raw_spin_lock+0x26f/0x2b0 kernel/locking/spinlock_debug.c:115\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n release_sock+0x21/0x220 net/core/sock.c:3746\n bt_accept_dequeue+0x505/0x600 net/bluetooth/af_bluetooth.c:312\n l2cap_sock_cleanup_listen+0x5c/0x2a0 net/bluetooth/l2cap_sock.c:1451\n l2cap_sock_release+0x5c/0x210 net/bluetooth/l2cap_sock.c:1425\n __sock_release+0xb3/0x270 net/socket.c:649\n sock_close+0x1c/0x30 net/socket.c:1439\n __fput+0x3ff/0xb70 fs/file_table.c:468\n task_work_run+0x14d/0x240 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43\n exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]\n do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f2accf8ebe9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffdb6cb1378 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 00000000000426fb RCX: 00007f2accf8ebe9\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007f2acd1b7da0 R08: 0000000000000001 R09: 00000012b6cb166f\nR10: 0000001b30e20000 R11: 0000000000000246 R12: 00007f2acd1b609c\nR13: 00007f2acd1b6090 R14: ffffffffffffffff R15: 00007ffdb6cb1490\n \u003c/TASK\u003e\n\nAllocated by task 5326:\n kasan_save_stack+0x33/0x60 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:405\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4365 [inline]\n __kmalloc_nopro\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39860",
"url": "https://www.suse.com/security/cve/CVE-2025-39860"
},
{
"category": "external",
"summary": "SUSE Bug 1250247 for CVE-2025-39860",
"url": "https://bugzilla.suse.com/1250247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39860"
},
{
"cve": "CVE-2025-39861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: vhci: Prevent use-after-free by removing debugfs files early\n\nMove the creation of debugfs files into a dedicated function, and ensure\nthey are explicitly removed during vhci_release(), before associated\ndata structures are freed.\n\nPreviously, debugfs files such as \"force_suspend\", \"force_wakeup\", and\nothers were created under hdev-\u003edebugfs but not removed in\nvhci_release(). Since vhci_release() frees the backing vhci_data\nstructure, any access to these files after release would result in\nuse-after-free errors.\n\nAlthough hdev-\u003edebugfs is later freed in hci_release_dev(), user can\naccess files after vhci_data is freed but before hdev-\u003edebugfs is\nreleased.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39861",
"url": "https://www.suse.com/security/cve/CVE-2025-39861"
},
{
"category": "external",
"summary": "SUSE Bug 1250249 for CVE-2025-39861",
"url": "https://bugzilla.suse.com/1250249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39861"
},
{
"cve": "CVE-2025-39863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39863"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work\n\nThe brcmf_btcoex_detach() only shuts down the btcoex timer, if the\nflag timer_on is false. However, the brcmf_btcoex_timerfunc(), which\nruns as timer handler, sets timer_on to false. This creates critical\nrace conditions:\n\n1.If brcmf_btcoex_detach() is called while brcmf_btcoex_timerfunc()\nis executing, it may observe timer_on as false and skip the call to\ntimer_shutdown_sync().\n\n2.The brcmf_btcoex_timerfunc() may then reschedule the brcmf_btcoex_info\nworker after the cancel_work_sync() has been executed, resulting in\nuse-after-free bugs.\n\nThe use-after-free bugs occur in two distinct scenarios, depending on\nthe timing of when the brcmf_btcoex_info struct is freed relative to\nthe execution of its worker thread.\n\nScenario 1: Freed before the worker is scheduled\n\nThe brcmf_btcoex_info is deallocated before the worker is scheduled.\nA race condition can occur when schedule_work(\u0026bt_local-\u003ework) is\ncalled after the target memory has been freed. The sequence of events\nis detailed below:\n\nCPU0 | CPU1\nbrcmf_btcoex_detach | brcmf_btcoex_timerfunc\n | bt_local-\u003etimer_on = false;\n if (cfg-\u003ebtcoex-\u003etimer_on) |\n ... |\n cancel_work_sync(); |\n ... |\n kfree(cfg-\u003ebtcoex); // FREE |\n | schedule_work(\u0026bt_local-\u003ework); // USE\n\nScenario 2: Freed after the worker is scheduled\n\nThe brcmf_btcoex_info is freed after the worker has been scheduled\nbut before or during its execution. In this case, statements within\nthe brcmf_btcoex_handler() - such as the container_of macro and\nsubsequent dereferences of the brcmf_btcoex_info object will cause\na use-after-free access. The following timeline illustrates this\nscenario:\n\nCPU0 | CPU1\nbrcmf_btcoex_detach | brcmf_btcoex_timerfunc\n | bt_local-\u003etimer_on = false;\n if (cfg-\u003ebtcoex-\u003etimer_on) |\n ... |\n cancel_work_sync(); |\n ... | schedule_work(); // Reschedule\n |\n kfree(cfg-\u003ebtcoex); // FREE | brcmf_btcoex_handler() // Worker\n /* | btci = container_of(....); // USE\n The kfree() above could | ...\n also occur at any point | btci-\u003e // USE\n during the worker\u0027s execution|\n */ |\n\nTo resolve the race conditions, drop the conditional check and call\ntimer_shutdown_sync() directly. It can deactivate the timer reliably,\nregardless of its current state. Once stopped, the timer_on state is\nthen set to false.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39863",
"url": "https://www.suse.com/security/cve/CVE-2025-39863"
},
{
"category": "external",
"summary": "SUSE Bug 1250281 for CVE-2025-39863",
"url": "https://bugzilla.suse.com/1250281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39863"
},
{
"cve": "CVE-2025-39864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39864"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix use-after-free in cmp_bss()\n\nFollowing bss_free() quirk introduced in commit 776b3580178f\n(\"cfg80211: track hidden SSID networks properly\"), adjust\ncfg80211_update_known_bss() to free the last beacon frame\nelements only if they\u0027re not shared via the corresponding\n\u0027hidden_beacon_bss\u0027 pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39864",
"url": "https://www.suse.com/security/cve/CVE-2025-39864"
},
{
"category": "external",
"summary": "SUSE Bug 1250242 for CVE-2025-39864",
"url": "https://bugzilla.suse.com/1250242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39864"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39869"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Fix memory allocation size for queue_priority_map\n\nFix a critical memory allocation bug in edma_setup_from_hw() where\nqueue_priority_map was allocated with insufficient memory. The code\ndeclared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8),\nbut allocated memory using sizeof(s8) instead of the correct size.\n\nThis caused out-of-bounds memory writes when accessing:\n queue_priority_map[i][0] = i;\n queue_priority_map[i][1] = i;\n\nThe bug manifested as kernel crashes with \"Oops - undefined instruction\"\non ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the\nmemory corruption triggered kernel hardening features on Clang.\n\nChange the allocation to use sizeof(*queue_priority_map) which\nautomatically gets the correct size for the 2D array structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39869",
"url": "https://www.suse.com/security/cve/CVE-2025-39869"
},
{
"category": "external",
"summary": "SUSE Bug 1250406 for CVE-2025-39869",
"url": "https://bugzilla.suse.com/1250406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39869"
},
{
"cve": "CVE-2025-39870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39870"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix double free in idxd_setup_wqs()\n\nThe clean up in idxd_setup_wqs() has had a couple bugs because the error\nhandling is a bit subtle. It\u0027s simpler to just re-write it in a cleaner\nway. The issues here are:\n\n1) If \"idxd-\u003emax_wqs\" is \u003c= 0 then we call put_device(conf_dev) when\n \"conf_dev\" hasn\u0027t been initialized.\n2) If kzalloc_node() fails then again \"conf_dev\" is invalid. It\u0027s\n either uninitialized or it points to the \"conf_dev\" from the\n previous iteration so it leads to a double free.\n\nIt\u0027s better to free partial loop iterations within the loop and then\nthe unwinding at the end can handle whole loop iterations. I also\nrenamed the labels to describe what the goto does and not where the goto\nwas located.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39870",
"url": "https://www.suse.com/security/cve/CVE-2025-39870"
},
{
"category": "external",
"summary": "SUSE Bug 1250402 for CVE-2025-39870",
"url": "https://bugzilla.suse.com/1250402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39870"
},
{
"cve": "CVE-2025-39871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39871"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Remove improper idxd_free\n\nThe call to idxd_free() introduces a duplicate put_device() leading to a\nreference count underflow:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 15 PID: 4428 at lib/refcount.c:28 refcount_warn_saturate+0xbe/0x110\n...\nCall Trace:\n \u003cTASK\u003e\n idxd_remove+0xe4/0x120 [idxd]\n pci_device_remove+0x3f/0xb0\n device_release_driver_internal+0x197/0x200\n driver_detach+0x48/0x90\n bus_remove_driver+0x74/0xf0\n pci_unregister_driver+0x2e/0xb0\n idxd_exit_module+0x34/0x7a0 [idxd]\n __do_sys_delete_module.constprop.0+0x183/0x280\n do_syscall_64+0x54/0xd70\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe idxd_unregister_devices() which is invoked at the very beginning of\nidxd_remove(), already takes care of the necessary put_device() through the\nfollowing call path:\nidxd_unregister_devices() -\u003e device_unregister() -\u003e put_device()\n\nIn addition, when CONFIG_DEBUG_KOBJECT_RELEASE is enabled, put_device() may\ntrigger asynchronous cleanup via schedule_delayed_work(). If idxd_free() is\ncalled immediately after, it can result in a use-after-free.\n\nRemove the improper idxd_free() to avoid both the refcount underflow and\npotential memory corruption during module unload.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39871",
"url": "https://www.suse.com/security/cve/CVE-2025-39871"
},
{
"category": "external",
"summary": "SUSE Bug 1250377 for CVE-2025-39871",
"url": "https://bugzilla.suse.com/1250377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39871"
},
{
"cve": "CVE-2025-39873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39873"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB\n\ncan_put_echo_skb() takes ownership of the SKB and it may be freed\nduring or after the call.\n\nHowever, xilinx_can xcan_write_frame() keeps using SKB after the call.\n\nFix that by only calling can_put_echo_skb() after the code is done\ntouching the SKB.\n\nThe tx_lock is held for the entire xcan_write_frame() execution and\nalso on the can_get_echo_skb() side so the order of operations does not\nmatter.\n\nAn earlier fix commit 3d3c817c3a40 (\"can: xilinx_can: Fix usage of skb\nmemory\") did not move the can_put_echo_skb() call far enough.\n\n[mkl: add \"commit\" in front of sha1 in patch description]\n[mkl: fix indention]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39873",
"url": "https://www.suse.com/security/cve/CVE-2025-39873"
},
{
"category": "external",
"summary": "SUSE Bug 1250371 for CVE-2025-39873",
"url": "https://bugzilla.suse.com/1250371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39873"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: Fix UAF in polling when open file is released\n\nA use-after-free (UAF) vulnerability was identified in the PSI (Pressure\nStall Information) monitoring mechanism:\n\nBUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140\nRead of size 8 at addr ffff3de3d50bd308 by task systemd/1\n\npsi_trigger_poll+0x3c/0x140\ncgroup_pressure_poll+0x70/0xa0\ncgroup_file_poll+0x8c/0x100\nkernfs_fop_poll+0x11c/0x1c0\nep_item_poll.isra.0+0x188/0x2c0\n\nAllocated by task 1:\ncgroup_file_open+0x88/0x388\nkernfs_fop_open+0x73c/0xaf0\ndo_dentry_open+0x5fc/0x1200\nvfs_open+0xa0/0x3f0\ndo_open+0x7e8/0xd08\npath_openat+0x2fc/0x6b0\ndo_filp_open+0x174/0x368\n\nFreed by task 8462:\ncgroup_file_release+0x130/0x1f8\nkernfs_drain_open_files+0x17c/0x440\nkernfs_drain+0x2dc/0x360\nkernfs_show+0x1b8/0x288\ncgroup_file_show+0x150/0x268\ncgroup_pressure_write+0x1dc/0x340\ncgroup_file_write+0x274/0x548\n\nReproduction Steps:\n1. Open test/cpu.pressure and establish epoll monitoring\n2. Disable monitoring: echo 0 \u003e test/cgroup.pressure\n3. Re-enable monitoring: echo 1 \u003e test/cgroup.pressure\n\nThe race condition occurs because:\n1. When cgroup.pressure is disabled (echo 0 \u003e cgroup.pressure), it:\n - Releases PSI triggers via cgroup_file_release()\n - Frees of-\u003epriv through kernfs_drain_open_files()\n2. While epoll still holds reference to the file and continues polling\n3. Re-enabling (echo 1 \u003e cgroup.pressure) accesses freed of-\u003epriv\n\nepolling\t\t\tdisable/enable cgroup.pressure\nfd=open(cpu.pressure)\nwhile(1)\n...\nepoll_wait\nkernfs_fop_poll\nkernfs_get_active = true\techo 0 \u003e cgroup.pressure\n...\t\t\t\tcgroup_file_show\n\t\t\t\tkernfs_show\n\t\t\t\t// inactive kn\n\t\t\t\tkernfs_drain_open_files\n\t\t\t\tcft-\u003erelease(of);\n\t\t\t\tkfree(ctx);\n\t\t\t\t...\nkernfs_get_active = false\n\t\t\t\techo 1 \u003e cgroup.pressure\n\t\t\t\tkernfs_show\n\t\t\t\tkernfs_activate_one(kn);\nkernfs_fop_poll\nkernfs_get_active = true\ncgroup_file_poll\npsi_trigger_poll\n// UAF\n...\nend: close(fd)\n\nTo address this issue, introduce kernfs_get_active_of() for kernfs open\nfiles to obtain active references. This function will fail if the open file\nhas been released. Replace kernfs_get_active() with kernfs_get_active_of()\nto prevent further operations on released file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39881",
"url": "https://www.suse.com/security/cve/CVE-2025-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1250379 for CVE-2025-39881",
"url": "https://bugzilla.suse.com/1250379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39881"
},
{
"cve": "CVE-2025-39882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39882"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: fix potential OF node use-after-free\n\nThe for_each_child_of_node() helper drops the reference it takes to each\nnode as it iterates over children and an explicit of_node_put() is only\nneeded when exiting the loop early.\n\nDrop the recently introduced bogus additional reference count decrement\nat each iteration that could potentially lead to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39882",
"url": "https://www.suse.com/security/cve/CVE-2025-39882"
},
{
"category": "external",
"summary": "SUSE Bug 1250389 for CVE-2025-39882",
"url": "https://bugzilla.suse.com/1250389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39882"
},
{
"cve": "CVE-2025-39889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39889"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: l2cap: Check encryption key size on incoming connection\n\nThis is required for passing GAP/SEC/SEM/BI-04-C PTS test case:\n Security Mode 4 Level 4, Responder - Invalid Encryption Key Size\n - 128 bit\n\nThis tests the security key with size from 1 to 15 bytes while the\nSecurity Mode 4 Level 4 requests 16 bytes key size.\n\nCurrently PTS fails with the following logs:\n- expected:Connection Response:\n Code: [3 (0x03)] Code\n Identifier: (lt)WildCard: Exists(gt)\n Length: [8 (0x0008)]\n Destination CID: (lt)WildCard: Exists(gt)\n Source CID: [64 (0x0040)]\n Result: [3 (0x0003)] Connection refused - Security block\n Status: (lt)WildCard: Exists(gt),\nbut received:Connection Response:\n Code: [3 (0x03)] Code\n Identifier: [1 (0x01)]\n Length: [8 (0x0008)]\n Destination CID: [64 (0x0040)]\n Source CID: [64 (0x0040)]\n Result: [0 (0x0000)] Connection Successful\n Status: [0 (0x0000)] No further information available\n\nAnd HCI logs:\n\u003c HCI Command: Read Encrypti.. (0x05|0x0008) plen 2\n Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)\n\u003e HCI Event: Command Complete (0x0e) plen 7\n Read Encryption Key Size (0x05|0x0008) ncmd 1\n Status: Success (0x00)\n Handle: 14 Address: 00:1B:DC:F2:24:10 (Vencer Co., Ltd.)\n Key size: 7\n\u003e ACL Data RX: Handle 14 flags 0x02 dlen 12\n L2CAP: Connection Request (0x02) ident 1 len 4\n PSM: 4097 (0x1001)\n Source CID: 64\n\u003c ACL Data TX: Handle 14 flags 0x00 dlen 16\n L2CAP: Connection Response (0x03) ident 1 len 8\n Destination CID: 64\n Source CID: 64\n Result: Connection successful (0x0000)\n Status: No further information available (0x0000)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39889",
"url": "https://www.suse.com/security/cve/CVE-2025-39889"
},
{
"category": "external",
"summary": "SUSE Bug 1249833 for CVE-2025-39889",
"url": "https://bugzilla.suse.com/1249833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39889"
},
{
"cve": "CVE-2025-39891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39891"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Initialize the chan_stats array to zero\n\nThe adapter-\u003echan_stats[] array is initialized in\nmwifiex_init_channel_scan_gap() with vmalloc(), which doesn\u0027t zero out\nmemory. The array is filled in mwifiex_update_chan_statistics()\nand then the user can query the data in mwifiex_cfg80211_dump_survey().\n\nThere are two potential issues here. What if the user calls\nmwifiex_cfg80211_dump_survey() before the data has been filled in.\nAlso the mwifiex_update_chan_statistics() function doesn\u0027t necessarily\ninitialize the whole array. Since the array was not initialized at\nthe start that could result in an information leak.\n\nAlso this array is pretty small. It\u0027s a maximum of 900 bytes so it\u0027s\nmore appropriate to use kcalloc() instead vmalloc().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39891",
"url": "https://www.suse.com/security/cve/CVE-2025-39891"
},
{
"category": "external",
"summary": "SUSE Bug 1250712 for CVE-2025-39891",
"url": "https://bugzilla.suse.com/1250712"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39891"
},
{
"cve": "CVE-2025-39895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix sched_numa_find_nth_cpu() if mask offline\n\nsched_numa_find_nth_cpu() uses a bsearch to look for the \u0027closest\u0027\nCPU in sched_domains_numa_masks and given cpus mask. However they\nmight not intersect if all CPUs in the cpus mask are offline. bsearch\nwill return NULL in that case, bail out instead of dereferencing a\nbogus pointer.\n\nThe previous behaviour lead to this bug when using maxcpus=4 on an\nrk3399 (LLLLbb) (i.e. booting with all big CPUs offline):\n\n[ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000\n[ 1.423635] Mem abort info:\n[ 1.423889] ESR = 0x0000000096000006\n[ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.424715] SET = 0, FnV = 0\n[ 1.424995] EA = 0, S1PTW = 0\n[ 1.425279] FSC = 0x06: level 2 translation fault\n[ 1.425735] Data abort info:\n[ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000\n[ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000\n[ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP\n[ 1.429525] Modules linked in:\n[ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT\n[ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT)\n[ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488\n[ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488\n[ 1.432543] sp : ffffffc084e1b960\n[ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0\n[ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378\n[ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff\n[ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7\n[ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372\n[ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860\n[ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000\n[ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68\n[ 1.439332] Call trace:\n[ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P)\n[ 1.440016] smp_call_function_any+0xc8/0xd0\n[ 1.440416] armv8_pmu_init+0x58/0x27c\n[ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c\n[ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8\n[ 1.441603] armv8_pmu_device_probe+0x1c/0x28\n[ 1.442007] platform_probe+0x5c/0xac\n[ 1.442347] really_probe+0xbc/0x298\n[ 1.442683] __driver_probe_device+0x78/0x12c\n[ 1.443087] driver_probe_device+0xdc/0x160\n[ 1.443475] __driver_attach+0x94/0x19c\n[ 1.443833] bus_for_each_dev+0x74/0xd4\n[ 1.444190] driver_attach+0x24/0x30\n[ 1.444525] bus_add_driver+0xe4/0x208\n[ 1.444874] driver_register+0x60/0x128\n[ 1.445233] __platform_driver_register+0x24/0x30\n[ 1.445662] armv8_pmu_driver_init+0x28/0x4c\n[ 1.446059] do_one_initcall+0x44/0x25c\n[ 1.446416] kernel_init_freeable+0x1dc/0x3bc\n[ 1.446820] kernel_init+0x20/0x1d8\n[ 1.447151] ret_from_fork+0x10/0x20\n[ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803)\n[ 1.448040] ---[ end trace 0000000000000000 ]---\n[ 1.448483] note: swapper/0[1] exited with preempt_count 1\n[ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 1.449741] SMP: stopping secondary CPUs\n[ 1.450105] Kernel Offset: disabled\n[ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39895",
"url": "https://www.suse.com/security/cve/CVE-2025-39895"
},
{
"category": "external",
"summary": "SUSE Bug 1250721 for CVE-2025-39895",
"url": "https://bugzilla.suse.com/1250721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39895"
},
{
"cve": "CVE-2025-39900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39900"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y\n\nsyzbot reported a WARNING in est_timer() [1]\n\nProblem here is that with CONFIG_PREEMPT_RT=y, timer callbacks\ncan be preempted.\n\nAdopt preempt_disable_nested()/preempt_enable_nested() to fix this.\n\n[1]\n WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 __seqprop_assert include/linux/seqlock.h:221 [inline]\n WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 est_timer+0x6dc/0x9f0 net/core/gen_estimator.c:93\nModules linked in:\nCPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:__seqprop_assert include/linux/seqlock.h:221 [inline]\n RIP: 0010:est_timer+0x6dc/0x9f0 net/core/gen_estimator.c:93\nCall Trace:\n \u003cTASK\u003e\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22c/0x710 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1043\n smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:160\n kthread+0x70e/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39900",
"url": "https://www.suse.com/security/cve/CVE-2025-39900"
},
{
"category": "external",
"summary": "SUSE Bug 1250758 for CVE-2025-39900",
"url": "https://bugzilla.suse.com/1250758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39900"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39907",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39907"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer\n\nAvoid below overlapping mappings by using a contiguous\nnon-cacheable buffer.\n\n[ 4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST,\noverlapping mappings aren\u0027t supported\n[ 4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 add_dma_entry+0x23c/0x300\n[ 4.097071] Modules linked in:\n[ 4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 6.1.82 #1\n[ 4.106346] Hardware name: STMicroelectronics STM32MP257F VALID1 SNOR / MB1704 (LPDDR4 Power discrete) + MB1703 + MB1708 (SNOR MB1730) (DT)\n[ 4.118824] Workqueue: events_unbound deferred_probe_work_func\n[ 4.124674] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.131624] pc : add_dma_entry+0x23c/0x300\n[ 4.135658] lr : add_dma_entry+0x23c/0x300\n[ 4.139792] sp : ffff800009dbb490\n[ 4.143016] x29: ffff800009dbb4a0 x28: 0000000004008022 x27: ffff8000098a6000\n[ 4.150174] x26: 0000000000000000 x25: ffff8000099e7000 x24: ffff8000099e7de8\n[ 4.157231] x23: 00000000ffffffff x22: 0000000000000000 x21: ffff8000098a6a20\n[ 4.164388] x20: ffff000080964180 x19: ffff800009819ba0 x18: 0000000000000006\n[ 4.171545] x17: 6361727420656e69 x16: 6c6568636163203a x15: 72656c6c6f72746e\n[ 4.178602] x14: 6f632d646e616e2e x13: ffff800009832f58 x12: 00000000000004ec\n[ 4.185759] x11: 00000000000001a4 x10: ffff80000988af58 x9 : ffff800009832f58\n[ 4.192916] x8 : 00000000ffffefff x7 : ffff80000988af58 x6 : 80000000fffff000\n[ 4.199972] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 4.207128] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000812d2c40\n[ 4.214185] Call trace:\n[ 4.216605] add_dma_entry+0x23c/0x300\n[ 4.220338] debug_dma_map_sg+0x198/0x350\n[ 4.224373] __dma_map_sg_attrs+0xa0/0x110\n[ 4.228411] dma_map_sg_attrs+0x10/0x2c\n[ 4.232247] stm32_fmc2_nfc_xfer.isra.0+0x1c8/0x3fc\n[ 4.237088] stm32_fmc2_nfc_seq_read_page+0xc8/0x174\n[ 4.242127] nand_read_oob+0x1d4/0x8e0\n[ 4.245861] mtd_read_oob_std+0x58/0x84\n[ 4.249596] mtd_read_oob+0x90/0x150\n[ 4.253231] mtd_read+0x68/0xac",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39907",
"url": "https://www.suse.com/security/cve/CVE-2025-39907"
},
{
"category": "external",
"summary": "SUSE Bug 1250713 for CVE-2025-39907",
"url": "https://bugzilla.suse.com/1250713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39907"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39920",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39920"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npcmcia: Add error handling for add_interval() in do_validate_mem()\n\nIn the do_validate_mem(), the call to add_interval() does not\nhandle errors. If kmalloc() fails in add_interval(), it could\nresult in a null pointer being inserted into the linked list,\nleading to illegal memory access when sub_interval() is called\nnext.\n\nThis patch adds an error handling for the add_interval(). If\nadd_interval() returns an error, the function will return early\nwith the error code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39920",
"url": "https://www.suse.com/security/cve/CVE-2025-39920"
},
{
"category": "external",
"summary": "SUSE Bug 1250732 for CVE-2025-39920",
"url": "https://bugzilla.suse.com/1250732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39920"
},
{
"cve": "CVE-2025-39923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees\n\nWhen we don\u0027t have a clock specified in the device tree, we have no way to\nensure the BAM is on. This is often the case for remotely-controlled or\nremotely-powered BAM instances. In this case, we need to read num-channels\nfrom the DT to have all the necessary information to complete probing.\n\nHowever, at the moment invalid device trees without clock and without\nnum-channels still continue probing, because the error handling is missing\nreturn statements. The driver will then later try to read the number of\nchannels from the registers. This is unsafe, because it relies on boot\nfirmware and lucky timing to succeed. Unfortunately, the lack of proper\nerror handling here has been abused for several Qualcomm SoCs upstream,\ncausing early boot crashes in several situations [1, 2].\n\nAvoid these early crashes by erroring out when any of the required DT\nproperties are missing. Note that this will break some of the existing DTs\nupstream (mainly BAM instances related to the crypto engine). However,\nclearly these DTs have never been tested properly, since the error in the\nkernel log was just ignored. It\u0027s safer to disable the crypto engine for\nthese broken DTBs.\n\n[1]: https://lore.kernel.org/r/CY01EKQVWE36.B9X5TDXAREPF@fairphone.com/\n[2]: https://lore.kernel.org/r/20230626145959.646747-1-krzysztof.kozlowski@linaro.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39923",
"url": "https://www.suse.com/security/cve/CVE-2025-39923"
},
{
"category": "external",
"summary": "SUSE Bug 1250741 for CVE-2025-39923",
"url": "https://bugzilla.suse.com/1250741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39923"
},
{
"cve": "CVE-2025-39925",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39925"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: implement NETDEV_UNREGISTER notification handler\n\nsyzbot is reporting\n\n unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\nproblem, for j1939 protocol did not have NETDEV_UNREGISTER notification\nhandler for undoing changes made by j1939_sk_bind().\n\nCommit 25fe97cb7620 (\"can: j1939: move j1939_priv_put() into sk_destruct\ncallback\") expects that a call to j1939_priv_put() can be unconditionally\ndelayed until j1939_sk_sock_destruct() is called. But we need to call\nj1939_priv_put() against an extra ref held by j1939_sk_bind() call\n(as a part of undoing changes made by j1939_sk_bind()) as soon as\nNETDEV_UNREGISTER notification fires (i.e. before j1939_sk_sock_destruct()\nis called via j1939_sk_release()). Otherwise, the extra ref on \"struct\nj1939_priv\" held by j1939_sk_bind() call prevents \"struct net_device\" from\ndropping the usage count to 1; making it impossible for\nunregister_netdevice() to continue.\n\n[mkl: remove space in front of label]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39925",
"url": "https://www.suse.com/security/cve/CVE-2025-39925"
},
{
"category": "external",
"summary": "SUSE Bug 1250736 for CVE-2025-39925",
"url": "https://bugzilla.suse.com/1250736"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39925"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39947",
"url": "https://www.suse.com/security/cve/CVE-2025-39947"
},
{
"category": "external",
"summary": "SUSE Bug 1251232 for CVE-2025-39947",
"url": "https://bugzilla.suse.com/1251232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39947"
},
{
"cve": "CVE-2025-39948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don\u0027t get added\nas fragments in ice_add_xdp_frag. Since the buffer isn\u0027t counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don\u0027t\ncall ice_put_rx_buf().\n\nBecause we don\u0027t call ice_put_rx_buf(), we don\u0027t attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don\u0027t\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn\u0027t check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39948",
"url": "https://www.suse.com/security/cve/CVE-2025-39948"
},
{
"category": "external",
"summary": "SUSE Bug 1251233 for CVE-2025-39948",
"url": "https://bugzilla.suse.com/1251233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39948"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-39965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn\u0027t remove those states from the byspi list,\nsince they shouldn\u0027t be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39965",
"url": "https://www.suse.com/security/cve/CVE-2025-39965"
},
{
"category": "external",
"summary": "SUSE Bug 1251967 for CVE-2025-39965",
"url": "https://bugzilla.suse.com/1251967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39965"
},
{
"cve": "CVE-2025-39967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39967",
"url": "https://www.suse.com/security/cve/CVE-2025-39967"
},
{
"category": "external",
"summary": "SUSE Bug 1252033 for CVE-2025-39967",
"url": "https://bugzilla.suse.com/1252033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39967"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39969",
"url": "https://www.suse.com/security/cve/CVE-2025-39969"
},
{
"category": "external",
"summary": "SUSE Bug 1252044 for CVE-2025-39969",
"url": "https://bugzilla.suse.com/1252044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39969"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don\u0027t think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39978",
"url": "https://www.suse.com/security/cve/CVE-2025-39978"
},
{
"category": "external",
"summary": "SUSE Bug 1252069 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "external",
"summary": "SUSE Bug 1252071 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39978"
},
{
"cve": "CVE-2025-39981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn\u0027t been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39981",
"url": "https://www.suse.com/security/cve/CVE-2025-39981"
},
{
"category": "external",
"summary": "SUSE Bug 1252060 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "external",
"summary": "SUSE Bug 1252061 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-39981"
},
{
"cve": "CVE-2025-39982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39982",
"url": "https://www.suse.com/security/cve/CVE-2025-39982"
},
{
"category": "external",
"summary": "SUSE Bug 1252083 for CVE-2025-39982",
"url": "https://bugzilla.suse.com/1252083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39982"
},
{
"cve": "CVE-2025-39984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tun: Update napi-\u003eskb after XDP process\n\nThe syzbot report a UAF issue:\n\n BUG: KASAN: slab-use-after-free in skb_reset_mac_header include/linux/skbuff.h:3150 [inline]\n BUG: KASAN: slab-use-after-free in napi_frags_skb net/core/gro.c:723 [inline]\n BUG: KASAN: slab-use-after-free in napi_gro_frags+0x6e/0x1030 net/core/gro.c:758\n Read of size 8 at addr ffff88802ef22c18 by task syz.0.17/6079\n CPU: 0 UID: 0 PID: 6079 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n skb_reset_mac_header include/linux/skbuff.h:3150 [inline]\n napi_frags_skb net/core/gro.c:723 [inline]\n napi_gro_frags+0x6e/0x1030 net/core/gro.c:758\n tun_get_user+0x28cb/0x3e20 drivers/net/tun.c:1920\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\n Allocated by task 6079:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n unpoison_slab_object mm/kasan/common.c:330 [inline]\n __kasan_mempool_unpoison_object+0xa0/0x170 mm/kasan/common.c:558\n kasan_mempool_unpoison_object include/linux/kasan.h:388 [inline]\n napi_skb_cache_get+0x37b/0x6d0 net/core/skbuff.c:295\n __alloc_skb+0x11e/0x2d0 net/core/skbuff.c:657\n napi_alloc_skb+0x84/0x7d0 net/core/skbuff.c:811\n napi_get_frags+0x69/0x140 net/core/gro.c:673\n tun_napi_alloc_frags drivers/net/tun.c:1404 [inline]\n tun_get_user+0x77c/0x3e20 drivers/net/tun.c:1784\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n Freed by task 6079:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:243 [inline]\n __kasan_slab_free+0x5b/0x80 mm/kasan/common.c:275\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2422 [inline]\n slab_free mm/slub.c:4695 [inline]\n kmem_cache_free+0x18f/0x400 mm/slub.c:4797\n skb_pp_cow_data+0xdd8/0x13e0 net/core/skbuff.c:969\n netif_skb_check_for_xdp net/core/dev.c:5390 [inline]\n netif_receive_generic_xdp net/core/dev.c:5431 [inline]\n do_xdp_generic+0x699/0x11a0 net/core/dev.c:5499\n tun_get_user+0x2523/0x3e20 drivers/net/tun.c:1872\n tun_chr_write_iter+0x113/0x200 drivers/net/tun.c:1996\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAfter commit e6d5dbdd20aa (\"xdp: add multi-buff support for xdp running in\ngeneric mode\"), the original skb may be freed in skb_pp_cow_data() when\nXDP program was attached, which was allocated in tun_napi_alloc_frags().\nHowever, the napi-\u003eskb still point to the original skb, update it after\nXDP process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39984",
"url": "https://www.suse.com/security/cve/CVE-2025-39984"
},
{
"category": "external",
"summary": "SUSE Bug 1252081 for CVE-2025-39984",
"url": "https://bugzilla.suse.com/1252081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39984"
},
{
"cve": "CVE-2025-39985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39985",
"url": "https://www.suse.com/security/cve/CVE-2025-39985"
},
{
"category": "external",
"summary": "SUSE Bug 1252082 for CVE-2025-39985",
"url": "https://bugzilla.suse.com/1252082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39985"
},
{
"cve": "CVE-2025-39986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39986",
"url": "https://www.suse.com/security/cve/CVE-2025-39986"
},
{
"category": "external",
"summary": "SUSE Bug 1252078 for CVE-2025-39986",
"url": "https://bugzilla.suse.com/1252078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39986"
},
{
"cve": "CVE-2025-39987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39987",
"url": "https://www.suse.com/security/cve/CVE-2025-39987"
},
{
"category": "external",
"summary": "SUSE Bug 1252079 for CVE-2025-39987",
"url": "https://bugzilla.suse.com/1252079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39987"
},
{
"cve": "CVE-2025-39988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39988",
"url": "https://www.suse.com/security/cve/CVE-2025-39988"
},
{
"category": "external",
"summary": "SUSE Bug 1252074 for CVE-2025-39988",
"url": "https://bugzilla.suse.com/1252074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39988"
},
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40005",
"url": "https://www.suse.com/security/cve/CVE-2025-40005"
},
{
"category": "external",
"summary": "SUSE Bug 1252349 for CVE-2025-40005",
"url": "https://bugzilla.suse.com/1252349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40005"
},
{
"cve": "CVE-2025-40010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix potential null pointer dereference in afs_put_server\n\nafs_put_server() accessed server-\u003edebug_id before the NULL check, which\ncould lead to a null pointer dereference. Move the debug_id assignment,\nensuring we never dereference a NULL server pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40010",
"url": "https://www.suse.com/security/cve/CVE-2025-40010"
},
{
"category": "external",
"summary": "SUSE Bug 1252332 for CVE-2025-40010",
"url": "https://bugzilla.suse.com/1252332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40010"
},
{
"cve": "CVE-2025-40011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40011",
"url": "https://www.suse.com/security/cve/CVE-2025-40011"
},
{
"category": "external",
"summary": "SUSE Bug 1252336 for CVE-2025-40011",
"url": "https://bugzilla.suse.com/1252336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40011"
},
{
"cve": "CVE-2025-40012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40012"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix warning in smc_rx_splice() when calling get_page()\n\nsmc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are\nlater passed to get_page() in smc_rx_splice(). Since kmalloc memory is\nnot page-backed, this triggers WARN_ON_ONCE() in get_page() and prevents\nholding a refcount on the buffer. This can lead to use-after-free if\nthe memory is released before splice_to_pipe() completes.\n\nUse folio_alloc() instead, ensuring DMBs are page-backed and safe for\nget_page().\n\nWARNING: CPU: 18 PID: 12152 at ./include/linux/mm.h:1330 smc_rx_splice+0xaf8/0xe20 [smc]\nCPU: 18 UID: 0 PID: 12152 Comm: smcapp Kdump: loaded Not tainted 6.17.0-rc3-11705-g9cf4672ecfee #10 NONE\nHardware name: IBM 3931 A01 704 (z/VM 7.4.0)\nKrnl PSW : 0704e00180000000 000793161032696c (smc_rx_splice+0xafc/0xe20 [smc])\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\nKrnl GPRS: 0000000000000000 001cee80007d3001 00077400000000f8 0000000000000005\n 0000000000000001 001cee80007d3006 0007740000001000 001c000000000000\n 000000009b0c99e0 0000000000001000 001c0000000000f8 001c000000000000\n 000003ffcc6f7c88 0007740003e98000 0007931600000005 000792969b2ff7b8\nKrnl Code: 0007931610326960: af000000\t\tmc\t0,0\n 0007931610326964: a7f4ff43\t\tbrc\t15,00079316103267ea\n #0007931610326968: af000000\t\tmc\t0,0\n \u003e000793161032696c: a7f4ff3f\t\tbrc\t15,00079316103267ea\n 0007931610326970: e320f1000004\tlg\t%r2,256(%r15)\n 0007931610326976: c0e53fd1b5f5\tbrasl\t%r14,000793168fd5d560\n 000793161032697c: a7f4fbb5\t\tbrc\t15,00079316103260e6\n 0007931610326980: b904002b\t\tlgr\t%r2,%r11\nCall Trace:\n smc_rx_splice+0xafc/0xe20 [smc]\n smc_rx_splice+0x756/0xe20 [smc])\n smc_rx_recvmsg+0xa74/0xe00 [smc]\n smc_splice_read+0x1ce/0x3b0 [smc]\n sock_splice_read+0xa2/0xf0\n do_splice_read+0x198/0x240\n splice_file_to_pipe+0x7e/0x110\n do_splice+0x59e/0xde0\n __do_splice+0x11a/0x2d0\n __s390x_sys_splice+0x140/0x1f0\n __do_syscall+0x122/0x280\n system_call+0x6e/0x90\nLast Breaking-Event-Address:\nsmc_rx_splice+0x960/0xe20 [smc]\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40012",
"url": "https://www.suse.com/security/cve/CVE-2025-40012"
},
{
"category": "external",
"summary": "SUSE Bug 1252330 for CVE-2025-40012",
"url": "https://bugzilla.suse.com/1252330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40012"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40020",
"url": "https://www.suse.com/security/cve/CVE-2025-40020"
},
{
"category": "external",
"summary": "SUSE Bug 1252679 for CVE-2025-40020",
"url": "https://bugzilla.suse.com/1252679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40020"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: simplefb: Fix use after free in simplefb_detach_genpds()\n\nThe pm_domain cleanup can not be devres managed as it uses struct\nsimplefb_par which is allocated within struct fb_info by\nframebuffer_alloc(). This allocation is explicitly freed by\nunregister_framebuffer() in simplefb_remove().\nDevres managed cleanup runs after the device remove call and thus can no\nlonger access struct simplefb_par.\nCall simplefb_detach_genpds() explicitly from simplefb_destroy() like\nthe cleanup functions for clocks and regulators.\n\nFixes an use after free on M2 Mac mini during\naperture_remove_conflicting_devices() using the downstream asahi kernel\nwith Debian\u0027s kernel config. For unknown reasons this started to\nconsistently dereference an invalid pointer in v6.16.3 based kernels.\n\n[ 6.736134] BUG: KASAN: slab-use-after-free in simplefb_detach_genpds+0x58/0x220\n[ 6.743545] Read of size 4 at addr ffff8000304743f0 by task (udev-worker)/227\n[ 6.750697]\n[ 6.752182] CPU: 6 UID: 0 PID: 227 Comm: (udev-worker) Tainted: G S 6.16.3-asahi+ #16 PREEMPTLAZY\n[ 6.752186] Tainted: [S]=CPU_OUT_OF_SPEC\n[ 6.752187] Hardware name: Apple Mac mini (M2, 2023) (DT)\n[ 6.752189] Call trace:\n[ 6.752190] show_stack+0x34/0x98 (C)\n[ 6.752194] dump_stack_lvl+0x60/0x80\n[ 6.752197] print_report+0x17c/0x4d8\n[ 6.752201] kasan_report+0xb4/0x100\n[ 6.752206] __asan_report_load4_noabort+0x20/0x30\n[ 6.752209] simplefb_detach_genpds+0x58/0x220\n[ 6.752213] devm_action_release+0x50/0x98\n[ 6.752216] release_nodes+0xd0/0x2c8\n[ 6.752219] devres_release_all+0xfc/0x178\n[ 6.752221] device_unbind_cleanup+0x28/0x168\n[ 6.752224] device_release_driver_internal+0x34c/0x470\n[ 6.752228] device_release_driver+0x20/0x38\n[ 6.752231] bus_remove_device+0x1b0/0x380\n[ 6.752234] device_del+0x314/0x820\n[ 6.752238] platform_device_del+0x3c/0x1e8\n[ 6.752242] platform_device_unregister+0x20/0x50\n[ 6.752246] aperture_detach_platform_device+0x1c/0x30\n[ 6.752250] aperture_detach_devices+0x16c/0x290\n[ 6.752253] aperture_remove_conflicting_devices+0x34/0x50\n...\n[ 6.752343]\n[ 6.967409] Allocated by task 62:\n[ 6.970724] kasan_save_stack+0x3c/0x70\n[ 6.974560] kasan_save_track+0x20/0x40\n[ 6.978397] kasan_save_alloc_info+0x40/0x58\n[ 6.982670] __kasan_kmalloc+0xd4/0xd8\n[ 6.986420] __kmalloc_noprof+0x194/0x540\n[ 6.990432] framebuffer_alloc+0xc8/0x130\n[ 6.994444] simplefb_probe+0x258/0x2378\n...\n[ 7.054356]\n[ 7.055838] Freed by task 227:\n[ 7.058891] kasan_save_stack+0x3c/0x70\n[ 7.062727] kasan_save_track+0x20/0x40\n[ 7.066565] kasan_save_free_info+0x4c/0x80\n[ 7.070751] __kasan_slab_free+0x6c/0xa0\n[ 7.074675] kfree+0x10c/0x380\n[ 7.077727] framebuffer_release+0x5c/0x90\n[ 7.081826] simplefb_destroy+0x1b4/0x2c0\n[ 7.085837] put_fb_info+0x98/0x100\n[ 7.089326] unregister_framebuffer+0x178/0x320\n[ 7.093861] simplefb_remove+0x3c/0x60\n[ 7.097611] platform_remove+0x60/0x98\n[ 7.101361] device_remove+0xb8/0x160\n[ 7.105024] device_release_driver_internal+0x2fc/0x470\n[ 7.110256] device_release_driver+0x20/0x38\n[ 7.114529] bus_remove_device+0x1b0/0x380\n[ 7.118628] device_del+0x314/0x820\n[ 7.122116] platform_device_del+0x3c/0x1e8\n[ 7.126302] platform_device_unregister+0x20/0x50\n[ 7.131012] aperture_detach_platform_device+0x1c/0x30\n[ 7.136157] aperture_detach_devices+0x16c/0x290\n[ 7.140779] aperture_remove_conflicting_devices+0x34/0x50\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40037",
"url": "https://www.suse.com/security/cve/CVE-2025-40037"
},
{
"category": "external",
"summary": "SUSE Bug 1252819 for CVE-2025-40037",
"url": "https://bugzilla.suse.com/1252819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40037"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
},
{
"cve": "CVE-2025-40091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix too early devlink_free() in ixgbe_remove()\n\nSince ixgbe_adapter is embedded in devlink, calling devlink_free()\nprematurely in the ixgbe_remove() path can lead to UAF. Move devlink_free()\nto the end.\n\nKASAN report:\n\n BUG: KASAN: use-after-free in ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]\n Read of size 8 at addr ffff0000adf813e0 by task bash/2095\n CPU: 1 UID: 0 PID: 2095 Comm: bash Tainted: G S 6.17.0-rc2-tnguy.net-queue+ #1 PREEMPT(full)\n [...]\n Call trace:\n show_stack+0x30/0x90 (C)\n dump_stack_lvl+0x9c/0xd0\n print_address_description.constprop.0+0x90/0x310\n print_report+0x104/0x1f0\n kasan_report+0x88/0x180\n __asan_report_load8_noabort+0x20/0x30\n ixgbe_reset_interrupt_capability+0x140/0x180 [ixgbe]\n ixgbe_clear_interrupt_scheme+0xf8/0x130 [ixgbe]\n ixgbe_remove+0x2d0/0x8c0 [ixgbe]\n pci_device_remove+0xa0/0x220\n device_remove+0xb8/0x170\n device_release_driver_internal+0x318/0x490\n device_driver_detach+0x40/0x68\n unbind_store+0xec/0x118\n drv_attr_store+0x64/0xb8\n sysfs_kf_write+0xcc/0x138\n kernfs_fop_write_iter+0x294/0x440\n new_sync_write+0x1fc/0x588\n vfs_write+0x480/0x6a0\n ksys_write+0xf0/0x1e0\n __arm64_sys_write+0x70/0xc0\n invoke_syscall.constprop.0+0xcc/0x280\n el0_svc_common.constprop.0+0xa8/0x248\n do_el0_svc+0x44/0x68\n el0_svc+0x54/0x160\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1b0/0x1b8",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40091",
"url": "https://www.suse.com/security/cve/CVE-2025-40091"
},
{
"category": "external",
"summary": "SUSE Bug 1252915 for CVE-2025-40091",
"url": "https://bugzilla.suse.com/1252915"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40091"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
},
{
"cve": "CVE-2025-40104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbevf: fix mailbox API compatibility by negotiating supported features\n\nThere was backward compatibility in the terms of mailbox API. Various\ndrivers from various OSes supporting 10G adapters from Intel portfolio\ncould easily negotiate mailbox API.\n\nThis convention has been broken since introducing API 1.4.\nCommit 0062e7cc955e (\"ixgbevf: add VF IPsec offload code\") added support\nfor IPSec which is specific only for the kernel ixgbe driver. None of the\nrest of the Intel 10G PF/VF drivers supports it. And actually lack of\nsupport was not included in the IPSec implementation - there were no such\ncode paths. No possibility to negotiate support for the feature was\nintroduced along with introduction of the feature itself.\n\nCommit 339f28964147 (\"ixgbevf: Add support for new mailbox communication\nbetween PF and VF\") increasing API version to 1.5 did the same - it\nintroduced code supported specifically by the PF ESX driver. It altered API\nversion for the VF driver in the same time not touching the version\ndefined for the PF ixgbe driver. It led to additional discrepancies,\nas the code provided within API 1.6 cannot be supported for Linux ixgbe\ndriver as it causes crashes.\n\nThe issue was noticed some time ago and mitigated by Jake within the commit\nd0725312adf5 (\"ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5\").\nAs a result we have regression for IPsec support and after increasing API\nto version 1.6 ixgbevf driver stopped to support ESX MBX.\n\nTo fix this mess add new mailbox op asking PF driver about supported\nfeatures. Basing on a response determine whether to set support for IPSec\nand ESX-specific enhanced mailbox.\n\nNew mailbox op, for compatibility purposes, must be added within new API\nrevision, as API version of OOT PF \u0026 VF drivers is already increased to\n1.6 and doesn\u0027t incorporate features negotiate op.\n\nFeatures negotiation mechanism gives possibility to be extended with new\nfeatures when needed in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40104",
"url": "https://www.suse.com/security/cve/CVE-2025-40104"
},
{
"category": "external",
"summary": "SUSE Bug 1252921 for CVE-2025-40104",
"url": "https://bugzilla.suse.com/1252921"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_22-rt-1-150700.1.3.1.x86_64",
"SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.22.1.noarch",
"SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.22.1.x86_64",
"SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.22.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-19T14:06:18Z",
"details": "moderate"
}
],
"title": "CVE-2025-40104"
}
]
}
SUSE-SU-2025:21052-1
Vulnerability from csaf_suse - Published: 2025-11-25 18:51 - Updated: 2025-11-25 18:51Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non-security bugs were fixed:
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes).
- ACPI: battery: allocate driver data through devm_ APIs (stable-fixes).
- ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes).
- ACPI: button: Call input_free_device() on failing input device registration (git-fixes).
- ACPI: property: Add code comments explaining what is going on (stable-fixes).
- ACPI: property: Disregard references in data-only subnode lists (stable-fixes).
- ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes).
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes).
- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes).
- ACPICA: Allow to skip Global Lock initialization (stable-fixes).
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes).
- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes).
- ALSA: usb-audio: fix control pipe direction (git-fixes).
- ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes).
- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).
- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes).
- ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes).
- ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes).
- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).
- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes).
- HID: hid-input: only ignore 0 battery events for digitizers (git-fixes).
- HID: multitouch: fix name of Stylus input devices (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).
- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes).
- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).
- KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes).
- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes).
- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes).
- KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes).
- KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes).
- KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes).
- KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes).
- KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes).
- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).
- KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process "guest stopped request" once per guest time update (git-fixes).
- KVM: x86: Replace static_call_cond() with static_call() (git-fixes).
- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes).
- KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes).
- KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes).
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes).
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).
- NFSD: Fix crash in nfsd4_read_release() (git-fixes).
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: Minor cleanup in layoutcommit processing (git-fixes).
- NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes).
- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).
- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).
- PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes).
- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes).
- PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists (stable-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings (git-fixes).
- PM: runtime: Add new devm functions (stable-fixes).
- Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()" (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).
- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).
- accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes).
- add bug reference to existing hv_netvsc change (bsc#1252265)
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)
- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)
- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).
- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).
- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).
- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes).
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes).
- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes).
- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes).
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).
- can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).
- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes).
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).
- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).
- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).
- cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes).
- cpuidle: menu: Avoid discarding useful information (stable-fixes).
- cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).
- crypto: rng - Ensure set_ent is always present (git-fixes).
- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).
- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).
- drm/amd: Check whether secure display TA loaded successfully (stable-fixes).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes).
- drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes).
- drm/etnaviv: fix flush sequence logic (git-fixes).
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes).
- drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes).
- drm/i915/guc: Skip communication warning on reset in progress (git-fixes).
- drm/mediatek: Fix device use-after-free on unbind (git-fixes).
- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).
- drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes).
- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).
- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).
- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes).
- drm/rockchip: vop2: use correct destination rectangle height check (git-fixes).
- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes).
- ext4: check fast symlink for ea_inode correctly (git-fixes).
- ext4: do not convert the unwritten extents if data writeback fails (git-fixes).
- ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes).
- ext4: ensure i_size is smaller than maxbytes (git-fixes).
- ext4: factor out ext4_get_maxbytes() (git-fixes).
- ext4: fix calculation of credits for extent tree modification (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- ext4: fix fsmap end of range reporting with bigalloc (git-fixes).
- ext4: fix hole length calculation overflow in non-extent inodes (git-fixes).
- ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes).
- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).
- ext4: fix zombie groups in average fragment size lists (git-fixes).
- ext4: preserve SB_I_VERSION on remount (git-fixes).
- ext4: reorder capability check last (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes).
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes).
- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes).
- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).
- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).
- i2c: ocores: use devm_ managed clks (git-fixes).
- iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes).
- iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes).
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- isofs: Verify inode mode when loading from disk (git-fixes).
- jbd2: do not try to recover wiped journal (git-fixes).
- kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes).
- locking/mutex: Introduce devm_mutex_init() (stable-fixes).
- locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes).
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).
- media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes).
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).
- media: tunner: xc5000: Refactor firmware load (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes).
- misc: fastrpc: Add missing dev_err newlines (stable-fixes).
- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).
- mmc: core: SPI mode remove cmd7 (stable-fixes).
- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).
- most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes).
- mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).
- net: sysfs: Fix /sys/class/net/<iface> path (git-fixes).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes).
- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes).
- net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes).
- net: usb: rtl8150: Fix frame padding (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes).
- nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes).
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes).
- nvme/tcp: handle tls partially sent records in write_space() (git-fixes).
- overlayfs: set ctime when setting mtime and atime (stable-fixes).
- ovl: Always reevaluate the file signature for IMA (stable-fixes).
- ovl: fix file reference leak when submitting aio (stable-fixes).
- ovl: fix incorrect fdput() on aio completion (stable-fixes).
- perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes).
- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).
- perf/amd: Prevent grouping of IBS events (git-fixes).
- perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes).
- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).
- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).
- perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes).
- perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes).
- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).
- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).
- perf/core: Fix small negative period being ignored (git-fixes).
- perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes).
- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes).
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes).
- perf/x86/amd: Warn only on new bits set (git-fixes).
- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes).
- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes).
- perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Apply static call for drain_pebs (git-fixes).
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- perf/x86/intel: Only check the group flag for X86 leader (git-fixes).
- perf/x86/intel: Use better start period for frequency mode (git-fixes).
- perf/x86: Fix low freqency setting issue (git-fixes).
- perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes).
- perf: Ensure bpf_perf_link path is properly serialized (git-fixes).
- perf: Extract a few helpers (git-fixes).
- perf: Fix cgroup state vs ERROR (git-fixes).
- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- r8152: add error handling in rtl8152_driver_init (git-fixes).
- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes).
- regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes).
- regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes).
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946).
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes).
- rtc: interface: Fix long-standing race when setting alarm (stable-fixes).
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes).
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).
- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes).
- selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes).
- selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes).
- selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes).
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes).
- selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes).
- selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes).
- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).
- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes).
- selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes).
- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).
- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes).
- selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes).
- selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes).
- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes).
- selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes).
- selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes).
- selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes).
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).
- serial: 8250_dw: handle reset control deassert error (git-fixes).
- serial: jsm: fix NPE during jsm_uart_port_init (git fixes, bsc#1246244).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).
- staging: axis-fifo: fix maximum TX packet length check (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).
- tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).
- tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes).
- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).
- tracing: Fix filter string testing (git-fixes).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes).
- udf: Verify partition map count (git-fixes).
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes).
- usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes).
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes).
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes).
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
- usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes).
- usbnet: Prevents free active kevent (git-fixes).
- wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes).
- wifi: ath11k: Add missing platform IDs for quirk table (git-fixes).
- wifi: ath12k: free skb during idr cleanup callback (git-fixes).
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes).
- wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes).
- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes).
- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- xfs: rename the old_crc variable in xlog_recover_process (git-fixes).
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
Patchnames
SUSE-SLE-Micro-6.0-kernel-206
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).\n- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).\n- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).\n- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).\n- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).\n- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).\n- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).\n- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).\n- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).\n- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).\n- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).\n- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).\n- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).\n- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).\n- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).\n\nThe following non-security bugs were fixed:\n\n- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes).\n- ACPI: battery: allocate driver data through devm_ APIs (stable-fixes).\n- ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes).\n- ACPI: button: Call input_free_device() on failing input device registration (git-fixes).\n- ACPI: property: Add code comments explaining what is going on (stable-fixes).\n- ACPI: property: Disregard references in data-only subnode lists (stable-fixes).\n- ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes).\n- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes).\n- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes).\n- ACPICA: Allow to skip Global Lock initialization (stable-fixes).\n- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes).\n- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes).\n- ALSA: usb-audio: fix control pipe direction (git-fixes).\n- ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes).\n- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).\n- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).\n- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).\n- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes).\n- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).\n- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes).\n- ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes).\n- ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes).\n- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).\n- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).\n- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes).\n- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).\n- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes).\n- HID: hid-input: only ignore 0 battery events for digitizers (git-fixes).\n- HID: multitouch: fix name of Stylus input devices (git-fixes).\n- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).\n- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes).\n- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).\n- KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes).\n- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes).\n- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes).\n- KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes).\n- KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes).\n- KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes).\n- KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes).\n- KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes).\n- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).\n- KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes).\n- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).\n- KVM: x86: Process \"guest stopped request\" once per guest time update (git-fixes).\n- KVM: x86: Replace static_call_cond() with static_call() (git-fixes).\n- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes).\n- KVM: x86: Snapshot the host\u0027s DEBUGCTL after disabling IRQs (git-fixes).\n- KVM: x86: Snapshot the host\u0027s DEBUGCTL in common x86 (git-fixes).\n- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes).\n- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).\n- NFSD: Fix crash in nfsd4_read_release() (git-fixes).\n- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).\n- NFSD: Minor cleanup in layoutcommit processing (git-fixes).\n- NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes).\n- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).\n- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).\n- PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes).\n- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes).\n- PCI: j721e: Enable ACSPCIE Refclk if \"ti,syscon-acspcie-proxy-ctrl\" exists (stable-fixes).\n- PCI: j721e: Fix programming sequence of \"strap\" settings (git-fixes).\n- PM: runtime: Add new devm functions (stable-fixes).\n- Revert \"KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()\" (git-fixes).\n- USB: serial: option: add SIMCom 8230C compositions (git-fixes).\n- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).\n- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).\n- accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes).\n- add bug reference to existing hv_netvsc change (bsc#1252265)\n- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)\n- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)\n- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)\n- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)\n- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).\n- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).\n- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).\n- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).\n- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).\n- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).\n- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes).\n- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes).\n- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes).\n- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes).\n- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).\n- can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes).\n- can: rcar_canfd: Fix controller mode setting (stable-fixes).\n- clk: at91: peripheral: fix return value (git-fixes).\n- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).\n- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).\n- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).\n- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes).\n- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).\n- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).\n- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).\n- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).\n- cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes).\n- cpuidle: menu: Avoid discarding useful information (stable-fixes).\n- cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes).\n- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).\n- crypto: rng - Ensure set_ent is always present (git-fixes).\n- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).\n- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes).\n- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).\n- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).\n- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).\n- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).\n- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes).\n- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes).\n- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).\n- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).\n- drm/amd: Check whether secure display TA loaded successfully (stable-fixes).\n- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).\n- drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes).\n- drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes).\n- drm/etnaviv: fix flush sequence logic (git-fixes).\n- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes).\n- drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes).\n- drm/i915/guc: Skip communication warning on reset in progress (git-fixes).\n- drm/mediatek: Fix device use-after-free on unbind (git-fixes).\n- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).\n- drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes).\n- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).\n- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).\n- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).\n- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes).\n- drm/rockchip: vop2: use correct destination rectangle height check (git-fixes).\n- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes).\n- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).\n- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).\n- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).\n- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes).\n- ext4: check fast symlink for ea_inode correctly (git-fixes).\n- ext4: do not convert the unwritten extents if data writeback fails (git-fixes).\n- ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes).\n- ext4: ensure i_size is smaller than maxbytes (git-fixes).\n- ext4: factor out ext4_get_maxbytes() (git-fixes).\n- ext4: fix calculation of credits for extent tree modification (git-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- ext4: fix fsmap end of range reporting with bigalloc (git-fixes).\n- ext4: fix hole length calculation overflow in non-extent inodes (git-fixes).\n- ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes).\n- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).\n- ext4: fix zombie groups in average fragment size lists (git-fixes).\n- ext4: preserve SB_I_VERSION on remount (git-fixes).\n- ext4: reorder capability check last (git-fixes).\n- fbdev: Fix logic error in \"offb\" name match (git-fixes).\n- fbdev: atyfb: Check if pll_ops-\u003einit_pll failed (git-fixes).\n- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes).\n- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes).\n- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).\n- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).\n- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).\n- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).\n- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes).\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).\n- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes).\n- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).\n- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes).\n- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).\n- i2c: ocores: use devm_ managed clks (git-fixes).\n- iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes).\n- iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes).\n- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).\n- iommu/vt-d: PRS isn\u0027t usable if PDS isn\u0027t supported (git-fixes).\n- isofs: Verify inode mode when loading from disk (git-fixes).\n- jbd2: do not try to recover wiped journal (git-fixes).\n- kABI fix for KVM: x86: Snapshot the host\u0027s DEBUGCTL in common x86 (git-fixes).\n- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).\n- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).\n- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes).\n- locking/mutex: Introduce devm_mutex_init() (stable-fixes).\n- locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes).\n- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).\n- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).\n- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).\n- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).\n- media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes).\n- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes).\n- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).\n- media: tunner: xc5000: Refactor firmware load (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes).\n- misc: fastrpc: Add missing dev_err newlines (stable-fixes).\n- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes).\n- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).\n- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).\n- misc: fastrpc: Skip reference for DMA handles (git-fixes).\n- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).\n- mmc: core: SPI mode remove cmd7 (stable-fixes).\n- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).\n- most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes).\n- mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).\n- net: sysfs: Fix /sys/class/net/\u0026lt;iface\u003e path (git-fixes).\n- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).\n- net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes).\n- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes).\n- net: usb: lan78xx: fix use of improperly initialized dev-\u003echipid in lan78xx_reset (git-fixes).\n- net: usb: rtl8150: Fix frame padding (git-fixes).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).\n- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes).\n- nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes).\n- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes).\n- nvme/tcp: handle tls partially sent records in write_space() (git-fixes).\n- overlayfs: set ctime when setting mtime and atime (stable-fixes).\n- ovl: Always reevaluate the file signature for IMA (stable-fixes).\n- ovl: fix file reference leak when submitting aio (stable-fixes).\n- ovl: fix incorrect fdput() on aio completion (stable-fixes).\n- perf/amd/ibs: Fix -\u003econfig to sample period calculation for OP PMU (git-fixes).\n- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).\n- perf/amd: Prevent grouping of IBS events (git-fixes).\n- perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes).\n- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).\n- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).\n- perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes).\n- perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes).\n- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).\n- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).\n- perf/core: Fix small negative period being ignored (git-fixes).\n- perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes).\n- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes).\n- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes).\n- perf/x86/amd: Warn only on new bits set (git-fixes).\n- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes).\n- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes).\n- perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes).\n- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).\n- perf/x86/intel: Apply static call for drain_pebs (git-fixes).\n- perf/x86/intel: Avoid disable PMU if !cpuc-\u003eenabled in sample read (git-fixes).\n- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).\n- perf/x86/intel: Only check the group flag for X86 leader (git-fixes).\n- perf/x86/intel: Use better start period for frequency mode (git-fixes).\n- perf/x86: Fix low freqency setting issue (git-fixes).\n- perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes).\n- perf: Ensure bpf_perf_link path is properly serialized (git-fixes).\n- perf: Extract a few helpers (git-fixes).\n- perf: Fix cgroup state vs ERROR (git-fixes).\n- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes).\n- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).\n- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).\n- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).\n- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).\n- powerpc/boot: Fix build with gcc 15 (bsc#1215199).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).\n- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)\n- proc: fix type confusion in pde_set_flags() (bsc#1248630)\n- r8152: add error handling in rtl8152_driver_init (git-fixes).\n- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes).\n- regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes).\n- regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes).\n- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946).\n- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes).\n- rtc: interface: Fix long-standing race when setting alarm (stable-fixes).\n- rtc: optee: fix memory leak on driver removal (git-fixes).\n- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).\n- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes).\n- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).\n- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)\n- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).\n- selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes).\n- selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes).\n- selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes).\n- selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes).\n- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes).\n- selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes).\n- selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes).\n- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).\n- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes).\n- selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes).\n- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).\n- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes).\n- selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes).\n- selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes).\n- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes).\n- selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes).\n- selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes).\n- selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes).\n- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).\n- serial: 8250_dw: handle reset control deassert error (git-fixes).\n- serial: jsm: fix NPE during jsm_uart_port_init (git fixes, bsc#1246244).\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).\n- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).\n- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).\n- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).\n- staging: axis-fifo: fix maximum TX packet length check (git-fixes).\n- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).\n- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).\n- tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).\n- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).\n- tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes).\n- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).\n- tracing: Fix filter string testing (git-fixes).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes).\n- udf: Verify partition map count (git-fixes).\n- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes).\n- usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes).\n- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes).\n- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).\n- usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes).\n- usb: xhci: Limit Stop Endpoint retries (git-fixes).\n- usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes).\n- usbnet: Prevents free active kevent (git-fixes).\n- wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes).\n- wifi: ath11k: Add missing platform IDs for quirk table (git-fixes).\n- wifi: ath12k: free skb during idr cleanup callback (git-fixes).\n- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes).\n- wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes).\n- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).\n- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).\n- xfs: rename the old_crc variable in xlog_recover_process (git-fixes).\n- xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes).\n- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-206",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21052-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21052-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521052-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21052-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-November/042884.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1214954",
"url": "https://bugzilla.suse.com/1214954"
},
{
"category": "self",
"summary": "SUSE Bug 1215143",
"url": "https://bugzilla.suse.com/1215143"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1216396",
"url": "https://bugzilla.suse.com/1216396"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1236743",
"url": "https://bugzilla.suse.com/1236743"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1246244",
"url": "https://bugzilla.suse.com/1246244"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248517",
"url": "https://bugzilla.suse.com/1248517"
},
{
"category": "self",
"summary": "SUSE Bug 1248630",
"url": "https://bugzilla.suse.com/1248630"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248886",
"url": "https://bugzilla.suse.com/1248886"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249224",
"url": "https://bugzilla.suse.com/1249224"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249595",
"url": "https://bugzilla.suse.com/1249595"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250205",
"url": "https://bugzilla.suse.com/1250205"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250274",
"url": "https://bugzilla.suse.com/1250274"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250379",
"url": "https://bugzilla.suse.com/1250379"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250721",
"url": "https://bugzilla.suse.com/1250721"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1251024",
"url": "https://bugzilla.suse.com/1251024"
},
{
"category": "self",
"summary": "SUSE Bug 1251027",
"url": "https://bugzilla.suse.com/1251027"
},
{
"category": "self",
"summary": "SUSE Bug 1251028",
"url": "https://bugzilla.suse.com/1251028"
},
{
"category": "self",
"summary": "SUSE Bug 1251031",
"url": "https://bugzilla.suse.com/1251031"
},
{
"category": "self",
"summary": "SUSE Bug 1251035",
"url": "https://bugzilla.suse.com/1251035"
},
{
"category": "self",
"summary": "SUSE Bug 1251038",
"url": "https://bugzilla.suse.com/1251038"
},
{
"category": "self",
"summary": "SUSE Bug 1251043",
"url": "https://bugzilla.suse.com/1251043"
},
{
"category": "self",
"summary": "SUSE Bug 1251045",
"url": "https://bugzilla.suse.com/1251045"
},
{
"category": "self",
"summary": "SUSE Bug 1251052",
"url": "https://bugzilla.suse.com/1251052"
},
{
"category": "self",
"summary": "SUSE Bug 1251053",
"url": "https://bugzilla.suse.com/1251053"
},
{
"category": "self",
"summary": "SUSE Bug 1251054",
"url": "https://bugzilla.suse.com/1251054"
},
{
"category": "self",
"summary": "SUSE Bug 1251056",
"url": "https://bugzilla.suse.com/1251056"
},
{
"category": "self",
"summary": "SUSE Bug 1251057",
"url": "https://bugzilla.suse.com/1251057"
},
{
"category": "self",
"summary": "SUSE Bug 1251059",
"url": "https://bugzilla.suse.com/1251059"
},
{
"category": "self",
"summary": "SUSE Bug 1251060",
"url": "https://bugzilla.suse.com/1251060"
},
{
"category": "self",
"summary": "SUSE Bug 1251065",
"url": "https://bugzilla.suse.com/1251065"
},
{
"category": "self",
"summary": "SUSE Bug 1251066",
"url": "https://bugzilla.suse.com/1251066"
},
{
"category": "self",
"summary": "SUSE Bug 1251067",
"url": "https://bugzilla.suse.com/1251067"
},
{
"category": "self",
"summary": "SUSE Bug 1251068",
"url": "https://bugzilla.suse.com/1251068"
},
{
"category": "self",
"summary": "SUSE Bug 1251071",
"url": "https://bugzilla.suse.com/1251071"
},
{
"category": "self",
"summary": "SUSE Bug 1251076",
"url": "https://bugzilla.suse.com/1251076"
},
{
"category": "self",
"summary": "SUSE Bug 1251079",
"url": "https://bugzilla.suse.com/1251079"
},
{
"category": "self",
"summary": "SUSE Bug 1251081",
"url": "https://bugzilla.suse.com/1251081"
},
{
"category": "self",
"summary": "SUSE Bug 1251083",
"url": "https://bugzilla.suse.com/1251083"
},
{
"category": "self",
"summary": "SUSE Bug 1251084",
"url": "https://bugzilla.suse.com/1251084"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251105",
"url": "https://bugzilla.suse.com/1251105"
},
{
"category": "self",
"summary": "SUSE Bug 1251106",
"url": "https://bugzilla.suse.com/1251106"
},
{
"category": "self",
"summary": "SUSE Bug 1251108",
"url": "https://bugzilla.suse.com/1251108"
},
{
"category": "self",
"summary": "SUSE Bug 1251113",
"url": "https://bugzilla.suse.com/1251113"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251119",
"url": "https://bugzilla.suse.com/1251119"
},
{
"category": "self",
"summary": "SUSE Bug 1251123",
"url": "https://bugzilla.suse.com/1251123"
},
{
"category": "self",
"summary": "SUSE Bug 1251126",
"url": "https://bugzilla.suse.com/1251126"
},
{
"category": "self",
"summary": "SUSE Bug 1251132",
"url": "https://bugzilla.suse.com/1251132"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251150",
"url": "https://bugzilla.suse.com/1251150"
},
{
"category": "self",
"summary": "SUSE Bug 1251152",
"url": "https://bugzilla.suse.com/1251152"
},
{
"category": "self",
"summary": "SUSE Bug 1251153",
"url": "https://bugzilla.suse.com/1251153"
},
{
"category": "self",
"summary": "SUSE Bug 1251159",
"url": "https://bugzilla.suse.com/1251159"
},
{
"category": "self",
"summary": "SUSE Bug 1251161",
"url": "https://bugzilla.suse.com/1251161"
},
{
"category": "self",
"summary": "SUSE Bug 1251170",
"url": "https://bugzilla.suse.com/1251170"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251180",
"url": "https://bugzilla.suse.com/1251180"
},
{
"category": "self",
"summary": "SUSE Bug 1251206",
"url": "https://bugzilla.suse.com/1251206"
},
{
"category": "self",
"summary": "SUSE Bug 1251215",
"url": "https://bugzilla.suse.com/1251215"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251222",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251232",
"url": "https://bugzilla.suse.com/1251232"
},
{
"category": "self",
"summary": "SUSE Bug 1251233",
"url": "https://bugzilla.suse.com/1251233"
},
{
"category": "self",
"summary": "SUSE Bug 1251247",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "self",
"summary": "SUSE Bug 1251268",
"url": "https://bugzilla.suse.com/1251268"
},
{
"category": "self",
"summary": "SUSE Bug 1251269",
"url": "https://bugzilla.suse.com/1251269"
},
{
"category": "self",
"summary": "SUSE Bug 1251270",
"url": "https://bugzilla.suse.com/1251270"
},
{
"category": "self",
"summary": "SUSE Bug 1251282",
"url": "https://bugzilla.suse.com/1251282"
},
{
"category": "self",
"summary": "SUSE Bug 1251283",
"url": "https://bugzilla.suse.com/1251283"
},
{
"category": "self",
"summary": "SUSE Bug 1251286",
"url": "https://bugzilla.suse.com/1251286"
},
{
"category": "self",
"summary": "SUSE Bug 1251290",
"url": "https://bugzilla.suse.com/1251290"
},
{
"category": "self",
"summary": "SUSE Bug 1251319",
"url": "https://bugzilla.suse.com/1251319"
},
{
"category": "self",
"summary": "SUSE Bug 1251321",
"url": "https://bugzilla.suse.com/1251321"
},
{
"category": "self",
"summary": "SUSE Bug 1251323",
"url": "https://bugzilla.suse.com/1251323"
},
{
"category": "self",
"summary": "SUSE Bug 1251328",
"url": "https://bugzilla.suse.com/1251328"
},
{
"category": "self",
"summary": "SUSE Bug 1251529",
"url": "https://bugzilla.suse.com/1251529"
},
{
"category": "self",
"summary": "SUSE Bug 1251721",
"url": "https://bugzilla.suse.com/1251721"
},
{
"category": "self",
"summary": "SUSE Bug 1251732",
"url": "https://bugzilla.suse.com/1251732"
},
{
"category": "self",
"summary": "SUSE Bug 1251742",
"url": "https://bugzilla.suse.com/1251742"
},
{
"category": "self",
"summary": "SUSE Bug 1251743",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "self",
"summary": "SUSE Bug 1251746",
"url": "https://bugzilla.suse.com/1251746"
},
{
"category": "self",
"summary": "SUSE Bug 1251748",
"url": "https://bugzilla.suse.com/1251748"
},
{
"category": "self",
"summary": "SUSE Bug 1251749",
"url": "https://bugzilla.suse.com/1251749"
},
{
"category": "self",
"summary": "SUSE Bug 1251750",
"url": "https://bugzilla.suse.com/1251750"
},
{
"category": "self",
"summary": "SUSE Bug 1251754",
"url": "https://bugzilla.suse.com/1251754"
},
{
"category": "self",
"summary": "SUSE Bug 1251755",
"url": "https://bugzilla.suse.com/1251755"
},
{
"category": "self",
"summary": "SUSE Bug 1251756",
"url": "https://bugzilla.suse.com/1251756"
},
{
"category": "self",
"summary": "SUSE Bug 1251758",
"url": "https://bugzilla.suse.com/1251758"
},
{
"category": "self",
"summary": "SUSE Bug 1251759",
"url": "https://bugzilla.suse.com/1251759"
},
{
"category": "self",
"summary": "SUSE Bug 1251760",
"url": "https://bugzilla.suse.com/1251760"
},
{
"category": "self",
"summary": "SUSE Bug 1251762",
"url": "https://bugzilla.suse.com/1251762"
},
{
"category": "self",
"summary": "SUSE Bug 1251763",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "self",
"summary": "SUSE Bug 1251764",
"url": "https://bugzilla.suse.com/1251764"
},
{
"category": "self",
"summary": "SUSE Bug 1251769",
"url": "https://bugzilla.suse.com/1251769"
},
{
"category": "self",
"summary": "SUSE Bug 1251771",
"url": "https://bugzilla.suse.com/1251771"
},
{
"category": "self",
"summary": "SUSE Bug 1251772",
"url": "https://bugzilla.suse.com/1251772"
},
{
"category": "self",
"summary": "SUSE Bug 1251777",
"url": "https://bugzilla.suse.com/1251777"
},
{
"category": "self",
"summary": "SUSE Bug 1251780",
"url": "https://bugzilla.suse.com/1251780"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1251967",
"url": "https://bugzilla.suse.com/1251967"
},
{
"category": "self",
"summary": "SUSE Bug 1252033",
"url": "https://bugzilla.suse.com/1252033"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252044",
"url": "https://bugzilla.suse.com/1252044"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252060",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "self",
"summary": "SUSE Bug 1252062",
"url": "https://bugzilla.suse.com/1252062"
},
{
"category": "self",
"summary": "SUSE Bug 1252064",
"url": "https://bugzilla.suse.com/1252064"
},
{
"category": "self",
"summary": "SUSE Bug 1252065",
"url": "https://bugzilla.suse.com/1252065"
},
{
"category": "self",
"summary": "SUSE Bug 1252069",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "self",
"summary": "SUSE Bug 1252070",
"url": "https://bugzilla.suse.com/1252070"
},
{
"category": "self",
"summary": "SUSE Bug 1252072",
"url": "https://bugzilla.suse.com/1252072"
},
{
"category": "self",
"summary": "SUSE Bug 1252074",
"url": "https://bugzilla.suse.com/1252074"
},
{
"category": "self",
"summary": "SUSE Bug 1252075",
"url": "https://bugzilla.suse.com/1252075"
},
{
"category": "self",
"summary": "SUSE Bug 1252078",
"url": "https://bugzilla.suse.com/1252078"
},
{
"category": "self",
"summary": "SUSE Bug 1252079",
"url": "https://bugzilla.suse.com/1252079"
},
{
"category": "self",
"summary": "SUSE Bug 1252082",
"url": "https://bugzilla.suse.com/1252082"
},
{
"category": "self",
"summary": "SUSE Bug 1252083",
"url": "https://bugzilla.suse.com/1252083"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252269",
"url": "https://bugzilla.suse.com/1252269"
},
{
"category": "self",
"summary": "SUSE Bug 1252332",
"url": "https://bugzilla.suse.com/1252332"
},
{
"category": "self",
"summary": "SUSE Bug 1252336",
"url": "https://bugzilla.suse.com/1252336"
},
{
"category": "self",
"summary": "SUSE Bug 1252346",
"url": "https://bugzilla.suse.com/1252346"
},
{
"category": "self",
"summary": "SUSE Bug 1252348",
"url": "https://bugzilla.suse.com/1252348"
},
{
"category": "self",
"summary": "SUSE Bug 1252349",
"url": "https://bugzilla.suse.com/1252349"
},
{
"category": "self",
"summary": "SUSE Bug 1252364",
"url": "https://bugzilla.suse.com/1252364"
},
{
"category": "self",
"summary": "SUSE Bug 1252479",
"url": "https://bugzilla.suse.com/1252479"
},
{
"category": "self",
"summary": "SUSE Bug 1252481",
"url": "https://bugzilla.suse.com/1252481"
},
{
"category": "self",
"summary": "SUSE Bug 1252489",
"url": "https://bugzilla.suse.com/1252489"
},
{
"category": "self",
"summary": "SUSE Bug 1252490",
"url": "https://bugzilla.suse.com/1252490"
},
{
"category": "self",
"summary": "SUSE Bug 1252492",
"url": "https://bugzilla.suse.com/1252492"
},
{
"category": "self",
"summary": "SUSE Bug 1252495",
"url": "https://bugzilla.suse.com/1252495"
},
{
"category": "self",
"summary": "SUSE Bug 1252496",
"url": "https://bugzilla.suse.com/1252496"
},
{
"category": "self",
"summary": "SUSE Bug 1252499",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "self",
"summary": "SUSE Bug 1252534",
"url": "https://bugzilla.suse.com/1252534"
},
{
"category": "self",
"summary": "SUSE Bug 1252536",
"url": "https://bugzilla.suse.com/1252536"
},
{
"category": "self",
"summary": "SUSE Bug 1252537",
"url": "https://bugzilla.suse.com/1252537"
},
{
"category": "self",
"summary": "SUSE Bug 1252550",
"url": "https://bugzilla.suse.com/1252550"
},
{
"category": "self",
"summary": "SUSE Bug 1252553",
"url": "https://bugzilla.suse.com/1252553"
},
{
"category": "self",
"summary": "SUSE Bug 1252559",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "self",
"summary": "SUSE Bug 1252561",
"url": "https://bugzilla.suse.com/1252561"
},
{
"category": "self",
"summary": "SUSE Bug 1252564",
"url": "https://bugzilla.suse.com/1252564"
},
{
"category": "self",
"summary": "SUSE Bug 1252565",
"url": "https://bugzilla.suse.com/1252565"
},
{
"category": "self",
"summary": "SUSE Bug 1252566",
"url": "https://bugzilla.suse.com/1252566"
},
{
"category": "self",
"summary": "SUSE Bug 1252632",
"url": "https://bugzilla.suse.com/1252632"
},
{
"category": "self",
"summary": "SUSE Bug 1252668",
"url": "https://bugzilla.suse.com/1252668"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1252679",
"url": "https://bugzilla.suse.com/1252679"
},
{
"category": "self",
"summary": "SUSE Bug 1252685",
"url": "https://bugzilla.suse.com/1252685"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252772",
"url": "https://bugzilla.suse.com/1252772"
},
{
"category": "self",
"summary": "SUSE Bug 1252774",
"url": "https://bugzilla.suse.com/1252774"
},
{
"category": "self",
"summary": "SUSE Bug 1252775",
"url": "https://bugzilla.suse.com/1252775"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252787",
"url": "https://bugzilla.suse.com/1252787"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252797",
"url": "https://bugzilla.suse.com/1252797"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252826",
"url": "https://bugzilla.suse.com/1252826"
},
{
"category": "self",
"summary": "SUSE Bug 1252841",
"url": "https://bugzilla.suse.com/1252841"
},
{
"category": "self",
"summary": "SUSE Bug 1252848",
"url": "https://bugzilla.suse.com/1252848"
},
{
"category": "self",
"summary": "SUSE Bug 1252849",
"url": "https://bugzilla.suse.com/1252849"
},
{
"category": "self",
"summary": "SUSE Bug 1252850",
"url": "https://bugzilla.suse.com/1252850"
},
{
"category": "self",
"summary": "SUSE Bug 1252851",
"url": "https://bugzilla.suse.com/1252851"
},
{
"category": "self",
"summary": "SUSE Bug 1252854",
"url": "https://bugzilla.suse.com/1252854"
},
{
"category": "self",
"summary": "SUSE Bug 1252858",
"url": "https://bugzilla.suse.com/1252858"
},
{
"category": "self",
"summary": "SUSE Bug 1252865",
"url": "https://bugzilla.suse.com/1252865"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1252873",
"url": "https://bugzilla.suse.com/1252873"
},
{
"category": "self",
"summary": "SUSE Bug 1252902",
"url": "https://bugzilla.suse.com/1252902"
},
{
"category": "self",
"summary": "SUSE Bug 1252904",
"url": "https://bugzilla.suse.com/1252904"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE Bug 1252918",
"url": "https://bugzilla.suse.com/1252918"
},
{
"category": "self",
"summary": "SUSE Bug 1252939",
"url": "https://bugzilla.suse.com/1252939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53538 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53540 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53541 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53543 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53545 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53546 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53550 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53552 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53553 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53554 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53555 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53556 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53557 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53558 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53560 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53563 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53568 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53570 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53574 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53575 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53577 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53579 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53580 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53583 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53585 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53596 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53599 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53600 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53601 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53602 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53603 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53611 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53613 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53616 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53617 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53618 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53621 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53631 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53632 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53633 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53638 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53645 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53646 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53647 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53649 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53652 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53653 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53654 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53656 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53657 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53658 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53659 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53660 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53662 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53663 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53665 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53666 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53670 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53672 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53673 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53674 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53681 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53686 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53687 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53693 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53697 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53698 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53699 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53703 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53704 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53707 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53711 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53713 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53718 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53727 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53728 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53729 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53730 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53731 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39898 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39965 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39967 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39982 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39986 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40005 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-25T18:51:32Z",
"generator": {
"date": "2025-11-25T18:51:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21052-1",
"initial_release_date": "2025-11-25T18:51:32Z",
"revision_history": [
{
"date": "2025-11-25T18:51:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-38.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-38.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-38.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-38.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-38.1.noarch",
"product_id": "kernel-source-rt-6.4.0-38.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-6.4.0-38.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-38.1.x86_64",
"product_id": "kernel-rt-6.4.0-38.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-38.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-38.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-38.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-38.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-38.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-38.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.4.0-38.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.4.0-38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-38.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-38.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53538"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: insert tree mod log move in push_node_left\n\nThere is a fairly unlikely race condition in tree mod log rewind that\ncan result in a kernel panic which has the following trace:\n\n [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002\n [530.618] #PF: supervisor read access in kernel mode\n [530.629] #PF: error_code(0x0000) - not-present page\n [530.641] PGD 0 P4D 0\n [530.647] Oops: 0000 [#1] SMP\n [530.654] CPU: 30 PID: 398973 Comm: below Kdump: loaded Tainted: G S O K 5.12.0-0_fbk13_clang_7455_gb24de3bdb045 #1\n [530.680] Hardware name: Quanta Mono Lake-M.2 SATA 1HY9U9Z001G/Mono Lake-M.2 SATA, BIOS F20_3A15 08/16/2017\n [530.703] RIP: 0010:__btrfs_map_block+0xaa/0xd00\n [530.755] RSP: 0018:ffffc9002c2f7600 EFLAGS: 00010246\n [530.767] RAX: ffffffffffffffea RBX: ffff888292e41000 RCX: f2702d8b8be15100\n [530.784] RDX: ffff88885fda6fb8 RSI: ffff88885fd973c8 RDI: ffff88885fd973c8\n [530.800] RBP: ffff888292e410d0 R08: ffffffff82fd7fd0 R09: 00000000fffeffff\n [530.816] R10: ffffffff82e57fd0 R11: ffffffff82e57d70 R12: 0000000000000000\n [530.832] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9002c2f76f0\n [530.848] FS: 00007f38d64af000(0000) GS:ffff88885fd80000(0000) knlGS:0000000000000000\n [530.866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [530.880] CR2: 0000000000000002 CR3: 00000002b6770004 CR4: 00000000003706e0\n [530.896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [530.912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [530.928] Call Trace:\n [530.934] ? btrfs_printk+0x13b/0x18c\n [530.943] ? btrfs_bio_counter_inc_blocked+0x3d/0x130\n [530.955] btrfs_map_bio+0x75/0x330\n [530.963] ? kmem_cache_alloc+0x12a/0x2d0\n [530.973] ? btrfs_submit_metadata_bio+0x63/0x100\n [530.984] btrfs_submit_metadata_bio+0xa4/0x100\n [530.995] submit_extent_page+0x30f/0x360\n [531.004] read_extent_buffer_pages+0x49e/0x6d0\n [531.015] ? submit_extent_page+0x360/0x360\n [531.025] btree_read_extent_buffer_pages+0x5f/0x150\n [531.037] read_tree_block+0x37/0x60\n [531.046] read_block_for_search+0x18b/0x410\n [531.056] btrfs_search_old_slot+0x198/0x2f0\n [531.066] resolve_indirect_ref+0xfe/0x6f0\n [531.076] ? ulist_alloc+0x31/0x60\n [531.084] ? kmem_cache_alloc_trace+0x12e/0x2b0\n [531.095] find_parent_nodes+0x720/0x1830\n [531.105] ? ulist_alloc+0x10/0x60\n [531.113] iterate_extent_inodes+0xea/0x370\n [531.123] ? btrfs_previous_extent_item+0x8f/0x110\n [531.134] ? btrfs_search_path_in_tree+0x240/0x240\n [531.146] iterate_inodes_from_logical+0x98/0xd0\n [531.157] ? btrfs_search_path_in_tree+0x240/0x240\n [531.168] btrfs_ioctl_logical_to_ino+0xd9/0x180\n [531.179] btrfs_ioctl+0xe2/0x2eb0\n\nThis occurs when logical inode resolution takes a tree mod log sequence\nnumber, and then while backref walking hits a rewind on a busy node\nwhich has the following sequence of tree mod log operations (numbers\nfilled in from a specific example, but they are somewhat arbitrary)\n\n REMOVE_WHILE_FREEING slot 532\n REMOVE_WHILE_FREEING slot 531\n REMOVE_WHILE_FREEING slot 530\n ...\n REMOVE_WHILE_FREEING slot 0\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n ADD slot 455\n ADD slot 454\n ADD slot 453\n ...\n ADD slot 0\n MOVE src slot 0 -\u003e dst slot 456 nritems 533\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n\nWhen this sequence gets applied via btrfs_tree_mod_log_rewind, it\nallocates a fresh rewind eb, and first inserts the correct key info for\nthe 533 elements, then overwrites the first 456 of them, then decrements\nthe count by 456 via the add ops, then rewinds the move by doing a\nmemmove from 456:988-\u003e0:532. We have never written anything past 532,\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53538",
"url": "https://www.suse.com/security/cve/CVE-2023-53538"
},
{
"category": "external",
"summary": "SUSE Bug 1251024 for CVE-2023-53538",
"url": "https://bugzilla.suse.com/1251024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53538"
},
{
"cve": "CVE-2023-53539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix incomplete state save in rxe_requester\n\nIf a send packet is dropped by the IP layer in rxe_requester()\nthe call to rxe_xmit_packet() can fail with err == -EAGAIN.\nTo recover, the state of the wqe is restored to the state before\nthe packet was sent so it can be resent. However, the routines\nthat save and restore the state miss a significnt part of the\nvariable state in the wqe, the dma struct which is used to process\nthrough the sge table. And, the state is not saved before the packet\nis built which modifies the dma struct.\n\nUnder heavy stress testing with many QPs on a fast node sending\nlarge messages to a slow node dropped packets are observed and\nthe resent packets are corrupted because the dma struct was not\nrestored. This patch fixes this behavior and allows the test cases\nto succeed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53539",
"url": "https://www.suse.com/security/cve/CVE-2023-53539"
},
{
"category": "external",
"summary": "SUSE Bug 1251060 for CVE-2023-53539",
"url": "https://bugzilla.suse.com/1251060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53539"
},
{
"cve": "CVE-2023-53540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something\u0027s wrong. Reject such connections so we don\u0027t\ntry and fail later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53540",
"url": "https://www.suse.com/security/cve/CVE-2023-53540"
},
{
"category": "external",
"summary": "SUSE Bug 1251053 for CVE-2023-53540",
"url": "https://bugzilla.suse.com/1251053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53540"
},
{
"cve": "CVE-2023-53541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53541"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53541",
"url": "https://www.suse.com/security/cve/CVE-2023-53541"
},
{
"category": "external",
"summary": "SUSE Bug 1251043 for CVE-2023-53541",
"url": "https://bugzilla.suse.com/1251043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53541"
},
{
"cve": "CVE-2023-53543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53543"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa max vqp attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53543",
"url": "https://www.suse.com/security/cve/CVE-2023-53543"
},
{
"category": "external",
"summary": "SUSE Bug 1251083 for CVE-2023-53543",
"url": "https://bugzilla.suse.com/1251083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53543"
},
{
"cve": "CVE-2023-53545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv-\u003ecsa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097] \u003cTASK\u003e\n[14616.937102] amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187] drm_file_free+0x1d6/0x300 [drm]\n[14616.937207] drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220] drm_release+0x5e/0x100 [drm]\n[14616.937234] __fput+0x9f/0x280\n[14616.937239] ____fput+0xe/0x20\n[14616.937241] task_work_run+0x61/0x90\n[14616.937246] exit_to_user_mode_prepare+0x215/0x220\n[14616.937251] syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254] do_syscall_64+0x48/0x90\n[14616.937257] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53545",
"url": "https://www.suse.com/security/cve/CVE-2023-53545"
},
{
"category": "external",
"summary": "SUSE Bug 1251084 for CVE-2023-53545",
"url": "https://bugzilla.suse.com/1251084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53545"
},
{
"cve": "CVE-2023-53546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx\n\nwhen mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory\npointed by \u0027in\u0027 is not released, which will cause memory leak. Move memory\nrelease after mlx5_cmd_exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53546",
"url": "https://www.suse.com/security/cve/CVE-2023-53546"
},
{
"category": "external",
"summary": "SUSE Bug 1251079 for CVE-2023-53546",
"url": "https://bugzilla.suse.com/1251079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53546"
},
{
"cve": "CVE-2023-53548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53548",
"url": "https://www.suse.com/security/cve/CVE-2023-53548"
},
{
"category": "external",
"summary": "SUSE Bug 1251066 for CVE-2023-53548",
"url": "https://bugzilla.suse.com/1251066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53548"
},
{
"cve": "CVE-2023-53550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53550"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix global sysfs attribute type\n\nIn commit 3666062b87ec (\"cpufreq: amd-pstate: move to use bus_get_dev_root()\")\nthe \"amd_pstate\" attributes where moved from a dedicated kobject to the\ncpu root kobject.\n\nWhile the dedicated kobject expects to contain kobj_attributes the root\nkobject needs device_attributes.\n\nAs the changed arguments are not used by the callbacks it works most of\nthe time.\nHowever CFI will detect this issue:\n\n[ 4947.849350] CFI failure at dev_attr_show+0x24/0x60 (target: show_status+0x0/0x70; expected type: 0x8651b1de)\n...\n[ 4947.849409] Call Trace:\n[ 4947.849410] \u003cTASK\u003e\n[ 4947.849411] ? __warn+0xcf/0x1c0\n[ 4947.849414] ? dev_attr_show+0x24/0x60\n[ 4947.849415] ? report_cfi_failure+0x4e/0x60\n[ 4947.849417] ? handle_cfi_failure+0x14c/0x1d0\n[ 4947.849419] ? __cfi_show_status+0x10/0x10\n[ 4947.849420] ? handle_bug+0x4f/0x90\n[ 4947.849421] ? exc_invalid_op+0x1a/0x60\n[ 4947.849422] ? asm_exc_invalid_op+0x1a/0x20\n[ 4947.849424] ? __cfi_show_status+0x10/0x10\n[ 4947.849425] ? dev_attr_show+0x24/0x60\n[ 4947.849426] sysfs_kf_seq_show+0xa6/0x110\n[ 4947.849433] seq_read_iter+0x16c/0x4b0\n[ 4947.849436] vfs_read+0x272/0x2d0\n[ 4947.849438] ksys_read+0x72/0xe0\n[ 4947.849439] do_syscall_64+0x76/0xb0\n[ 4947.849440] ? do_user_addr_fault+0x252/0x650\n[ 4947.849442] ? exc_page_fault+0x7a/0x1b0\n[ 4947.849443] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53550",
"url": "https://www.suse.com/security/cve/CVE-2023-53550"
},
{
"category": "external",
"summary": "SUSE Bug 1251071 for CVE-2023-53550",
"url": "https://bugzilla.suse.com/1251071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53550"
},
{
"cve": "CVE-2023-53552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: mark requests for GuC virtual engines to avoid use-after-free\n\nReferences to i915_requests may be trapped by userspace inside a\nsync_file or dmabuf (dma-resv) and held indefinitely across different\nproceses. To counter-act the memory leaks, we try to not to keep\nreferences from the request past their completion.\nOn the other side on fence release we need to know if rq-\u003eengine\nis valid and points to hw engine (true for non-virtual requests).\nTo make it possible extra bit has been added to rq-\u003eexecution_mask,\nfor marking virtual engines.\n\n(cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53552",
"url": "https://www.suse.com/security/cve/CVE-2023-53552"
},
{
"category": "external",
"summary": "SUSE Bug 1251065 for CVE-2023-53552",
"url": "https://bugzilla.suse.com/1251065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2023-53553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n from drivers/hid/hid-hyperv.c:8:\nIn function \u0027fortify_memcpy_chk\u0027,\n inlined from \u0027mousevsc_on_receive\u0027 at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 583 | __write_overflow_field(p_size_field, size);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53553",
"url": "https://www.suse.com/security/cve/CVE-2023-53553"
},
{
"category": "external",
"summary": "SUSE Bug 1251068 for CVE-2023-53553",
"url": "https://bugzilla.suse.com/1251068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53553"
},
{
"cve": "CVE-2023-53554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()\n\nThe \"exc-\u003ekey_len\" is a u16 that comes from the user. If it\u0027s over\nIW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53554",
"url": "https://www.suse.com/security/cve/CVE-2023-53554"
},
{
"category": "external",
"summary": "SUSE Bug 1251057 for CVE-2023-53554",
"url": "https://bugzilla.suse.com/1251057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53554"
},
{
"cve": "CVE-2023-53555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: initialize damo_filter-\u003elist from damos_new_filter()\n\ndamos_new_filter() is not initializing the list field of newly allocated\nfilter object. However, DAMON sysfs interface and DAMON_RECLAIM are not\ninitializing it after calling damos_new_filter(). As a result, accessing\nuninitialized memory is possible. Actually, adding multiple DAMOS filters\nvia DAMON sysfs interface caused NULL pointer dereferencing. Initialize\nthe field just after the allocation from damos_new_filter().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53555",
"url": "https://www.suse.com/security/cve/CVE-2023-53555"
},
{
"category": "external",
"summary": "SUSE Bug 1251056 for CVE-2023-53555",
"url": "https://bugzilla.suse.com/1251056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53555"
},
{
"cve": "CVE-2023-53556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix use-after-free in free_netdev\n\nWe do netif_napi_add() for all allocated q_vectors[], but potentially\ndo netif_napi_del() for part of them, then kfree q_vectors and leave\ninvalid pointers at dev-\u003enapi_list.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 4093.900222] ==================================================================\n[ 4093.900230] BUG: KASAN: use-after-free in free_netdev+0x308/0x390\n[ 4093.900232] Read of size 8 at addr ffff88b4dc145640 by task repro.sh/6699\n[ 4093.900233]\n[ 4093.900236] CPU: 10 PID: 6699 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 4093.900238] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 4093.900239] Call Trace:\n[ 4093.900244] dump_stack+0x71/0xab\n[ 4093.900249] print_address_description+0x6b/0x290\n[ 4093.900251] ? free_netdev+0x308/0x390\n[ 4093.900252] kasan_report+0x14a/0x2b0\n[ 4093.900254] free_netdev+0x308/0x390\n[ 4093.900261] iavf_remove+0x825/0xd20 [iavf]\n[ 4093.900265] pci_device_remove+0xa8/0x1f0\n[ 4093.900268] device_release_driver_internal+0x1c6/0x460\n[ 4093.900271] pci_stop_bus_device+0x101/0x150\n[ 4093.900273] pci_stop_and_remove_bus_device+0xe/0x20\n[ 4093.900275] pci_iov_remove_virtfn+0x187/0x420\n[ 4093.900277] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 4093.900278] ? pci_get_subsys+0x90/0x90\n[ 4093.900280] sriov_disable+0xed/0x3e0\n[ 4093.900282] ? bus_find_device+0x12d/0x1a0\n[ 4093.900290] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 4093.900298] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 4093.900299] ? pci_get_device+0x7c/0x90\n[ 4093.900300] ? pci_get_subsys+0x90/0x90\n[ 4093.900306] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 4093.900309] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900315] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 4093.900318] sriov_numvfs_store+0x214/0x290\n[ 4093.900320] ? sriov_totalvfs_show+0x30/0x30\n[ 4093.900321] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900323] ? __check_object_size+0x15a/0x350\n[ 4093.900326] kernfs_fop_write+0x280/0x3f0\n[ 4093.900329] vfs_write+0x145/0x440\n[ 4093.900330] ksys_write+0xab/0x160\n[ 4093.900332] ? __ia32_sys_read+0xb0/0xb0\n[ 4093.900334] ? fput_many+0x1a/0x120\n[ 4093.900335] ? filp_close+0xf0/0x130\n[ 4093.900338] do_syscall_64+0xa0/0x370\n[ 4093.900339] ? page_fault+0x8/0x30\n[ 4093.900341] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 4093.900357] RIP: 0033:0x7f16ad4d22c0\n[ 4093.900359] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe dd 01 00 48 89 04 24\n[ 4093.900360] RSP: 002b:00007ffd6491b7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 4093.900362] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f16ad4d22c0\n[ 4093.900363] RDX: 0000000000000002 RSI: 0000000001a41408 RDI: 0000000000000001\n[ 4093.900364] RBP: 0000000001a41408 R08: 00007f16ad7a1780 R09: 00007f16ae1f2700\n[ 4093.9003\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53556",
"url": "https://www.suse.com/security/cve/CVE-2023-53556"
},
{
"category": "external",
"summary": "SUSE Bug 1251059 for CVE-2023-53556",
"url": "https://bugzilla.suse.com/1251059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53556"
},
{
"cve": "CVE-2023-53557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfprobe: Release rethook after the ftrace_ops is unregistered\n\nWhile running bpf selftests it\u0027s possible to get following fault:\n\n general protection fault, probably for non-canonical address \\\n 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n ...\n Call Trace:\n \u003cTASK\u003e\n fprobe_handler+0xc1/0x270\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_testmod_init+0x22/0x80\n ? do_one_initcall+0x63/0x2e0\n ? rcu_is_watching+0xd/0x40\n ? kmalloc_trace+0xaf/0xc0\n ? do_init_module+0x60/0x250\n ? __do_sys_finit_module+0xac/0x120\n ? do_syscall_64+0x37/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n \u003c/TASK\u003e\n\nIn unregister_fprobe function we can\u0027t release fp-\u003erethook while it\u0027s\npossible there are some of its users still running on another cpu.\n\nMoving rethook_free call after fp-\u003eops is unregistered with\nunregister_ftrace_function call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53557",
"url": "https://www.suse.com/security/cve/CVE-2023-53557"
},
{
"category": "external",
"summary": "SUSE Bug 1251054 for CVE-2023-53557",
"url": "https://bugzilla.suse.com/1251054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53557"
},
{
"cve": "CVE-2023-53558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] \u003cTASK\u003e\n[ 0.206491] dump_stack_lvl+0x6a/0x9f\n[ 0.206493] __lock_acquire.cold+0x2d7/0x2fe\n[ 0.206496] ? stack_trace_save+0x46/0x70\n[ 0.206497] lock_acquire+0xd1/0x2f0\n[ 0.206499] ? serial8250_console_write+0x327/0x4a0\n[ 0.206500] ? __lock_acquire+0x5c7/0x2720\n[ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90\n[ 0.206504] ? serial8250_console_write+0x327/0x4a0\n[ 0.206506] serial8250_console_write+0x327/0x4a0\n[ 0.206508] console_emit_next_record.constprop.0+0x180/0x330\n[ 0.206511] console_unlock+0xf7/0x1f0\n[ 0.206512] vprintk_emit+0xf7/0x330\n[ 0.206514] _printk+0x63/0x7e\n[ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32\n[ 0.206518] rcu_init_tasks_generic+0x5/0xd9\n[ 0.206522] kernel_init_freeable+0x15b/0x2a2\n[ 0.206523] ? rest_init+0x160/0x160\n[ 0.206526] kernel_init+0x11/0x120\n[ 0.206527] ret_from_fork+0x1f/0x30\n[ 0.206530] \u003c/TASK\u003e\n[ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53558",
"url": "https://www.suse.com/security/cve/CVE-2023-53558"
},
{
"category": "external",
"summary": "SUSE Bug 1251081 for CVE-2023-53558",
"url": "https://bugzilla.suse.com/1251081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53558"
},
{
"cve": "CVE-2023-53559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_vti: fix potential slab-use-after-free in decode_session6\n\nWhen ip_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ip_vti device sends IPv6 packets.\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53559",
"url": "https://www.suse.com/security/cve/CVE-2023-53559"
},
{
"category": "external",
"summary": "SUSE Bug 1251052 for CVE-2023-53559",
"url": "https://bugzilla.suse.com/1251052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53559"
},
{
"cve": "CVE-2023-53560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Add histograms to hist_vars if they have referenced variables\n\nHist triggers can have referenced variables without having direct\nvariables fields. This can be the case if referenced variables are added\nfor trigger actions. In this case the newly added references will not\nhave field variables. Not taking such referenced variables into\nconsideration can result in a bug where it would be possible to remove\nhist trigger with variables being refenced. This will result in a bug\nthat is easily reproducable like so\n\n$ cd /sys/kernel/tracing\n$ echo \u0027synthetic_sys_enter char[] comm; long id\u0027 \u003e\u003e synthetic_events\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n\n[ 100.263533] ==================================================================\n[ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180\n[ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439\n[ 100.266320]\n[ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4\n[ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n[ 100.268561] Call Trace:\n[ 100.268902] \u003cTASK\u003e\n[ 100.269189] dump_stack_lvl+0x4c/0x70\n[ 100.269680] print_report+0xc5/0x600\n[ 100.270165] ? resolve_var_refs+0xc7/0x180\n[ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0\n[ 100.271389] ? resolve_var_refs+0xc7/0x180\n[ 100.271913] kasan_report+0xbd/0x100\n[ 100.272380] ? resolve_var_refs+0xc7/0x180\n[ 100.272920] __asan_load8+0x71/0xa0\n[ 100.273377] resolve_var_refs+0xc7/0x180\n[ 100.273888] event_hist_trigger+0x749/0x860\n[ 100.274505] ? kasan_save_stack+0x2a/0x50\n[ 100.275024] ? kasan_set_track+0x29/0x40\n[ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10\n[ 100.276138] ? ksys_write+0xd1/0x170\n[ 100.276607] ? do_syscall_64+0x3c/0x90\n[ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.277771] ? destroy_hist_data+0x446/0x470\n[ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860\n[ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10\n[ 100.279627] ? __kasan_check_write+0x18/0x20\n[ 100.280177] ? mutex_unlock+0x85/0xd0\n[ 100.280660] ? __pfx_mutex_unlock+0x10/0x10\n[ 100.281200] ? kfree+0x7b/0x120\n[ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0\n[ 100.282197] ? event_trigger_write+0xac/0x100\n[ 100.282764] ? __kasan_slab_free+0x16/0x20\n[ 100.283293] ? __kmem_cache_free+0x153/0x2f0\n[ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250\n[ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10\n[ 100.285221] ? event_trigger_write+0xbc/0x100\n[ 100.285781] ? __kasan_check_read+0x15/0x20\n[ 100.286321] ? __bitmap_weight+0x66/0xa0\n[ 100.286833] ? _find_next_bit+0x46/0xe0\n[ 100.287334] ? task_mm_cid_work+0x37f/0x450\n[ 100.287872] event_triggers_call+0x84/0x150\n[ 100.288408] trace_event_buffer_commit+0x339/0x430\n[ 100.289073] ? ring_buffer_event_data+0x3f/0x60\n[ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0\n[ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0\n[ 100.298653] syscall_enter_from_user_mode+0x32/0x40\n[ 100.301808] do_syscall_64+0x1a/0x90\n[ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.307775] RIP: 0033:0x7f686c75c1cb\n[ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48\n[ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021\n[ 100.321200] RA\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53560",
"url": "https://www.suse.com/security/cve/CVE-2023-53560"
},
{
"category": "external",
"summary": "SUSE Bug 1251045 for CVE-2023-53560",
"url": "https://bugzilla.suse.com/1251045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53560"
},
{
"cve": "CVE-2023-53563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate-ut: Fix kernel panic when loading the driver\n\nAfter loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()\nand amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy\nof the CPU and mark it as busy.\n\nIn these functions, cpufreq_cpu_put() should be used to release the\npolicy, but it is not, so any other entity trying to access the policy\nis blocked indefinitely.\n\nOne such scenario is when amd_pstate mode is changed, leading to the\nfollowing splat:\n\n[ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.\n[ 1332.110001] Not tainted 6.5.0-rc2-amd-pstate-ut #5\n[ 1332.115315] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 1332.123140] task:bash state:D stack:0 pid:2929 ppid:2873 flags:0x00004006\n[ 1332.123143] Call Trace:\n[ 1332.123145] \u003cTASK\u003e\n[ 1332.123148] __schedule+0x3c1/0x16a0\n[ 1332.123154] ? _raw_read_lock_irqsave+0x2d/0x70\n[ 1332.123157] schedule+0x6f/0x110\n[ 1332.123160] schedule_timeout+0x14f/0x160\n[ 1332.123162] ? preempt_count_add+0x86/0xd0\n[ 1332.123165] __wait_for_common+0x92/0x190\n[ 1332.123168] ? __pfx_schedule_timeout+0x10/0x10\n[ 1332.123170] wait_for_completion+0x28/0x30\n[ 1332.123173] cpufreq_policy_put_kobj+0x4d/0x90\n[ 1332.123177] cpufreq_policy_free+0x157/0x1d0\n[ 1332.123178] ? preempt_count_add+0x58/0xd0\n[ 1332.123180] cpufreq_remove_dev+0xb6/0x100\n[ 1332.123182] subsys_interface_unregister+0x114/0x120\n[ 1332.123185] ? preempt_count_add+0x58/0xd0\n[ 1332.123187] ? __pfx_amd_pstate_change_driver_mode+0x10/0x10\n[ 1332.123190] cpufreq_unregister_driver+0x3b/0xd0\n[ 1332.123192] amd_pstate_change_driver_mode+0x1e/0x50\n[ 1332.123194] store_status+0xe9/0x180\n[ 1332.123197] dev_attr_store+0x1b/0x30\n[ 1332.123199] sysfs_kf_write+0x42/0x50\n[ 1332.123202] kernfs_fop_write_iter+0x143/0x1d0\n[ 1332.123204] vfs_write+0x2df/0x400\n[ 1332.123208] ksys_write+0x6b/0xf0\n[ 1332.123210] __x64_sys_write+0x1d/0x30\n[ 1332.123213] do_syscall_64+0x60/0x90\n[ 1332.123216] ? fpregs_assert_state_consistent+0x2e/0x50\n[ 1332.123219] ? exit_to_user_mode_prepare+0x49/0x1a0\n[ 1332.123223] ? irqentry_exit_to_user_mode+0xd/0x20\n[ 1332.123225] ? irqentry_exit+0x3f/0x50\n[ 1332.123226] ? exc_page_fault+0x8e/0x190\n[ 1332.123228] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 1332.123232] RIP: 0033:0x7fa74c514a37\n[ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37\n[ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001\n[ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff\n[ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008\n[ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00\n[ 1332.123247] \u003c/TASK\u003e\n\nFix this by calling cpufreq_cpu_put() wherever necessary.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53563",
"url": "https://www.suse.com/security/cve/CVE-2023-53563"
},
{
"category": "external",
"summary": "SUSE Bug 1251038 for CVE-2023-53563",
"url": "https://bugzilla.suse.com/1251038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53563"
},
{
"cve": "CVE-2023-53568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53568",
"url": "https://www.suse.com/security/cve/CVE-2023-53568"
},
{
"category": "external",
"summary": "SUSE Bug 1251035 for CVE-2023-53568",
"url": "https://bugzilla.suse.com/1251035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53568"
},
{
"cve": "CVE-2023-53570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53570"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()\n\nnl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the\nnumber of MBSSID elements in the nested netlink attribute attrs, which can\nlead to an integer overflow if a user of the nl80211 interface specifies\n256 or more elements in the corresponding attribute in userspace. The\ninteger overflow can lead to a heap buffer overflow as num_elems determines\nthe size of the trailing array in elems, and this array is thereafter\nwritten to for each element in attrs.\n\nNote that this vulnerability only affects devices with the\nwiphy-\u003embssid_max_interfaces member set for the wireless physical device\nstruct in the device driver, and can only be triggered by a process with\nCAP_NET_ADMIN capabilities.\n\nFix this by checking for a maximum of 255 elements in attrs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53570",
"url": "https://www.suse.com/security/cve/CVE-2023-53570"
},
{
"category": "external",
"summary": "SUSE Bug 1251031 for CVE-2023-53570",
"url": "https://bugzilla.suse.com/1251031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53570"
},
{
"cve": "CVE-2023-53572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: scu: use _safe list iterator to avoid a use after free\n\nThis loop is freeing \"clk\" so it needs to use list_for_each_entry_safe().\nOtherwise it dereferences a freed variable to get the next item on the\nloop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53572",
"url": "https://www.suse.com/security/cve/CVE-2023-53572"
},
{
"category": "external",
"summary": "SUSE Bug 1251027 for CVE-2023-53572",
"url": "https://bugzilla.suse.com/1251027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53572"
},
{
"cve": "CVE-2023-53574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53574",
"url": "https://www.suse.com/security/cve/CVE-2023-53574"
},
{
"category": "external",
"summary": "SUSE Bug 1251222 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "external",
"summary": "SUSE Bug 1251984 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2023-53574"
},
{
"cve": "CVE-2023-53575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53575"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential array out of bounds access\n\nAccount for IWL_SEC_WEP_KEY_OFFSET when needed while verifying\nkey_len size in iwl_mvm_sec_key_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53575",
"url": "https://www.suse.com/security/cve/CVE-2023-53575"
},
{
"category": "external",
"summary": "SUSE Bug 1251067 for CVE-2023-53575",
"url": "https://bugzilla.suse.com/1251067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53575"
},
{
"cve": "CVE-2023-53577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n ------------[ cut here ]------------\n WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events cpu_map_kthread_stop\n RIP: 0010:put_cpu_map_entry+0xda/0x220\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ......\n ? put_cpu_map_entry+0xda/0x220\n cpu_map_kthread_stop+0x41/0x60\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn\u0027t call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53577",
"url": "https://www.suse.com/security/cve/CVE-2023-53577"
},
{
"category": "external",
"summary": "SUSE Bug 1251028 for CVE-2023-53577",
"url": "https://bugzilla.suse.com/1251028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53577"
},
{
"cve": "CVE-2023-53579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix irq domain leak\n\nUwe Kleine-Knig pointed out we still have one resource leak in the mvebu\ndriver triggered on driver detach. Let\u0027s address it with a custom devm\naction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53579",
"url": "https://www.suse.com/security/cve/CVE-2023-53579"
},
{
"category": "external",
"summary": "SUSE Bug 1251170 for CVE-2023-53579",
"url": "https://bugzilla.suse.com/1251170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53579"
},
{
"cve": "CVE-2023-53580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: Gadget: core: Help prevent panic during UVC unconfigure\n\nAvichal Rakesh reported a kernel panic that occurred when the UVC\ngadget driver was removed from a gadget\u0027s configuration. The panic\ninvolves a somewhat complicated interaction between the kernel driver\nand a userspace component (as described in the Link tag below), but\nthe analysis did make one thing clear: The Gadget core should\naccomodate gadget drivers calling usb_gadget_deactivate() as part of\ntheir unbind procedure.\n\nCurrently this doesn\u0027t work. gadget_unbind_driver() calls\ndriver-\u003eunbind() while holding the udc-\u003econnect_lock mutex, and\nusb_gadget_deactivate() attempts to acquire that mutex, which will\nresult in a deadlock.\n\nThe simple fix is for gadget_unbind_driver() to release the mutex when\ninvoking the -\u003eunbind() callback. There is no particular reason for\nit to be holding the mutex at that time, and the mutex isn\u0027t held\nwhile the -\u003ebind() callback is invoked. So we\u0027ll drop the mutex\nbefore performing the unbind callback and reacquire it afterward.\n\nWe\u0027ll also add a couple of comments to usb_gadget_activate() and\nusb_gadget_deactivate(). Because they run in process context they\nmust not be called from a gadget driver\u0027s -\u003edisconnect() callback,\nwhich (according to the kerneldoc for struct usb_gadget_driver in\ninclude/linux/usb/gadget.h) may run in interrupt context. This may\nhelp prevent similar bugs from arising in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53580",
"url": "https://www.suse.com/security/cve/CVE-2023-53580"
},
{
"category": "external",
"summary": "SUSE Bug 1251105 for CVE-2023-53580",
"url": "https://bugzilla.suse.com/1251105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53580"
},
{
"cve": "CVE-2023-53581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Check for NOT_READY flag state after locking\n\nCurrently the check for NOT_READY flag is performed before obtaining the\nnecessary lock. This opens a possibility for race condition when the flow\nis concurrently removed from unready_flows list by the workqueue task,\nwhich causes a double-removal from the list and a crash[0]. Fix the issue\nby moving the flag check inside the section protected by\nuplink_priv-\u003eunready_flows_lock mutex.\n\n[0]:\n[44376.389654] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n[44376.391665] CPU: 7 PID: 59123 Comm: tc Not tainted 6.4.0-rc4+ #1\n[44376.392984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[44376.395342] RIP: 0010:mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.396857] Code: 00 48 8b b8 68 ce 02 00 e8 8a 4d 02 00 4c 8d a8 a8 01 00 00 4c 89 ef e8 8b 79 88 e1 48 8b 83 98 06 00 00 48 8b 93 90 06 00 00 \u003c48\u003e 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 83 90 06\n[44376.399167] RSP: 0018:ffff88812cc97570 EFLAGS: 00010246\n[44376.399680] RAX: dead000000000122 RBX: ffff8881088e3800 RCX: ffff8881881bac00\n[44376.400337] RDX: dead000000000100 RSI: ffff88812cc97500 RDI: ffff8881242f71b0\n[44376.401001] RBP: ffff88811cbb0940 R08: 0000000000000400 R09: 0000000000000001\n[44376.401663] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88812c944000\n[44376.402342] R13: ffff8881242f71a8 R14: ffff8881222b4000 R15: 0000000000000000\n[44376.402999] FS: 00007f0451104800(0000) GS:ffff88852cb80000(0000) knlGS:0000000000000000\n[44376.403787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[44376.404343] CR2: 0000000000489108 CR3: 0000000123a79003 CR4: 0000000000370ea0\n[44376.405004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[44376.405665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[44376.406339] Call Trace:\n[44376.406651] \u003cTASK\u003e\n[44376.406939] ? die_addr+0x33/0x90\n[44376.407311] ? exc_general_protection+0x192/0x390\n[44376.407795] ? asm_exc_general_protection+0x22/0x30\n[44376.408292] ? mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.408876] __mlx5e_tc_del_fdb_peer_flow+0xbc/0xe0 [mlx5_core]\n[44376.409482] mlx5e_tc_del_flow+0x42/0x210 [mlx5_core]\n[44376.410055] mlx5e_flow_put+0x25/0x50 [mlx5_core]\n[44376.410529] mlx5e_delete_flower+0x24b/0x350 [mlx5_core]\n[44376.411043] tc_setup_cb_reoffload+0x22/0x80\n[44376.411462] fl_reoffload+0x261/0x2f0 [cls_flower]\n[44376.411907] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.412481] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.413044] tcf_block_playback_offloads+0x76/0x170\n[44376.413497] tcf_block_unbind+0x7b/0xd0\n[44376.413881] tcf_block_setup+0x17d/0x1c0\n[44376.414269] tcf_block_offload_cmd.isra.0+0xf1/0x130\n[44376.414725] tcf_block_offload_unbind+0x43/0x70\n[44376.415153] __tcf_block_put+0x82/0x150\n[44376.415532] ingress_destroy+0x22/0x30 [sch_ingress]\n[44376.415986] qdisc_destroy+0x3b/0xd0\n[44376.416343] qdisc_graft+0x4d0/0x620\n[44376.416706] tc_get_qdisc+0x1c9/0x3b0\n[44376.417074] rtnetlink_rcv_msg+0x29c/0x390\n[44376.419978] ? rep_movs_alternative+0x3a/0xa0\n[44376.420399] ? rtnl_calcit.isra.0+0x120/0x120\n[44376.420813] netlink_rcv_skb+0x54/0x100\n[44376.421192] netlink_unicast+0x1f6/0x2c0\n[44376.421573] netlink_sendmsg+0x232/0x4a0\n[44376.421980] sock_sendmsg+0x38/0x60\n[44376.422328] ____sys_sendmsg+0x1d0/0x1e0\n[44376.422709] ? copy_msghdr_from_user+0x6d/0xa0\n[44376.423127] ___sys_sendmsg+0x80/0xc0\n[44376.423495] ? ___sys_recvmsg+0x8b/0xc0\n[44376.423869] __sys_sendmsg+0x51/0x90\n[44376.424226] do_syscall_64+0x3d/0x90\n[44376.424587] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[44376.425046] RIP: 0033:0x7f045134f887\n[44376.425403] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53581",
"url": "https://www.suse.com/security/cve/CVE-2023-53581"
},
{
"category": "external",
"summary": "SUSE Bug 1251106 for CVE-2023-53581",
"url": "https://bugzilla.suse.com/1251106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53581"
},
{
"cve": "CVE-2023-53583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()\n\nSince commit 096b52fd2bb4 (\"perf: RISC-V: throttle perf events\") the\nperf_sample_event_took() function was added to report time spent in\noverflow interrupts. If the interrupt takes too long, the perf framework\nwill lower the sysctl_perf_event_sample_rate and max_samples_per_tick.\nWhen hwc-\u003einterrupts is larger than max_samples_per_tick, the\nhwc-\u003einterrupts will be set to MAX_INTERRUPTS, and events will be\nthrottled within the __perf_event_account_interrupt() function.\n\nHowever, the RISC-V PMU driver doesn\u0027t call riscv_pmu_stop() to update the\nPERF_HES_STOPPED flag after perf_event_overflow() in pmu_sbi_ovf_handler()\nfunction to avoid throttling. When the perf framework unthrottled the event\nin the timer interrupt handler, it triggers riscv_pmu_start() function\nand causes a WARN_ON_ONCE() warning, as shown below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 240 at drivers/perf/riscv_pmu.c:184 riscv_pmu_start+0x7c/0x8e\n Modules linked in:\n CPU: 0 PID: 240 Comm: ls Not tainted 6.4-rc4-g19d0788e9ef2 #1\n Hardware name: SiFive (DT)\n epc : riscv_pmu_start+0x7c/0x8e\n ra : riscv_pmu_start+0x28/0x8e\n epc : ffffffff80aef864 ra : ffffffff80aef810 sp : ffff8f80004db6f0\n gp : ffffffff81c83750 tp : ffffaf80069f9bc0 t0 : ffff8f80004db6c0\n t1 : 0000000000000000 t2 : 000000000000001f s0 : ffff8f80004db720\n s1 : ffffaf8008ca1068 a0 : 0000ffffffffffff a1 : 0000000000000000\n a2 : 0000000000000001 a3 : 0000000000000870 a4 : 0000000000000000\n a5 : 0000000000000000 a6 : 0000000000000840 a7 : 0000000000000030\n s2 : 0000000000000000 s3 : ffffaf8005165800 s4 : ffffaf800424da00\n s5 : ffffffffffffffff s6 : ffffffff81cc7590 s7 : 0000000000000000\n s8 : 0000000000000006 s9 : 0000000000000001 s10: ffffaf807efbc340\n s11: ffffaf807efbbf00 t3 : ffffaf8006a16028 t4 : 00000000dbfbb796\n t5 : 0000000700000000 t6 : ffffaf8005269870\n status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003\n [\u003cffffffff80aef864\u003e] riscv_pmu_start+0x7c/0x8e\n [\u003cffffffff80185b56\u003e] perf_adjust_freq_unthr_context+0x15e/0x174\n [\u003cffffffff80188642\u003e] perf_event_task_tick+0x88/0x9c\n [\u003cffffffff800626a8\u003e] scheduler_tick+0xfe/0x27c\n [\u003cffffffff800b5640\u003e] update_process_times+0x9a/0xba\n [\u003cffffffff800c5bd4\u003e] tick_sched_handle+0x32/0x66\n [\u003cffffffff800c5e0c\u003e] tick_sched_timer+0x64/0xb0\n [\u003cffffffff800b5e50\u003e] __hrtimer_run_queues+0x156/0x2f4\n [\u003cffffffff800b6bdc\u003e] hrtimer_interrupt+0xe2/0x1fe\n [\u003cffffffff80acc9e8\u003e] riscv_timer_interrupt+0x38/0x42\n [\u003cffffffff80090a16\u003e] handle_percpu_devid_irq+0x90/0x1d2\n [\u003cffffffff8008a9f4\u003e] generic_handle_domain_irq+0x28/0x36\n\nAfter referring other PMU drivers like Arm, Loongarch, Csky, and Mips,\nthey don\u0027t call *_pmu_stop() to update with PERF_HES_STOPPED flag\nafter perf_event_overflow() function nor do they add PERF_HES_STOPPED\nflag checking in *_pmu_start() which don\u0027t cause this warning.\n\nThus, it\u0027s recommended to remove this unnecessary check in\nriscv_pmu_start() function to prevent this warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53583",
"url": "https://www.suse.com/security/cve/CVE-2023-53583"
},
{
"category": "external",
"summary": "SUSE Bug 1251108 for CVE-2023-53583",
"url": "https://bugzilla.suse.com/1251108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53583"
},
{
"cve": "CVE-2023-53585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject unhashed sockets in bpf_sk_assign\n\nThe semantics for bpf_sk_assign are as follows:\n\n sk = some_lookup_func()\n bpf_sk_assign(skb, sk)\n bpf_sk_release(sk)\n\nThat is, the sk is not consumed by bpf_sk_assign. The function\ntherefore needs to make sure that sk lives long enough to be\nconsumed from __inet_lookup_skb. The path through the stack for a\nTCPv4 packet is roughly:\n\n netif_receive_skb_core: takes RCU read lock\n __netif_receive_skb_core:\n sch_handle_ingress:\n tcf_classify:\n bpf_sk_assign()\n deliver_ptype_list_skb:\n deliver_skb:\n ip_packet_type-\u003efunc == ip_rcv:\n ip_rcv_core:\n ip_rcv_finish_core:\n dst_input:\n ip_local_deliver:\n ip_local_deliver_finish:\n ip_protocol_deliver_rcu:\n tcp_v4_rcv:\n __inet_lookup_skb:\n skb_steal_sock\n\nThe existing helper takes advantage of the fact that everything\nhappens in the same RCU critical section: for sockets with\nSOCK_RCU_FREE set bpf_sk_assign never takes a reference.\nskb_steal_sock then checks SOCK_RCU_FREE again and does sock_put\nif necessary.\n\nThis approach assumes that SOCK_RCU_FREE is never set on a sk\nbetween bpf_sk_assign and skb_steal_sock, but this invariant is\nviolated by unhashed UDP sockets. A new UDP socket is created\nin TCP_CLOSE state but without SOCK_RCU_FREE set. That flag is only\nadded in udp_lib_get_port() which happens when a socket is bound.\n\nWhen bpf_sk_assign was added it wasn\u0027t possible to access unhashed\nUDP sockets from BPF, so this wasn\u0027t a problem. This changed\nin commit 0c48eefae712 (\"sock_map: Lift socket state restriction\nfor datagram sockets\"), but the helper wasn\u0027t adjusted accordingly.\nThe following sequence of events will therefore lead to a refcount\nleak:\n\n1. Add socket(AF_INET, SOCK_DGRAM) to a sockmap.\n2. Pull socket out of sockmap and bpf_sk_assign it. Since\n SOCK_RCU_FREE is not set we increment the refcount.\n3. bind() or connect() the socket, setting SOCK_RCU_FREE.\n4. skb_steal_sock will now set refcounted = false due to\n SOCK_RCU_FREE.\n5. tcp_v4_rcv() skips sock_put().\n\nFix the problem by rejecting unhashed sockets in bpf_sk_assign().\nThis matches the behaviour of __inet_lookup_skb which is ultimately\nthe goal of bpf_sk_assign().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53585",
"url": "https://www.suse.com/security/cve/CVE-2023-53585"
},
{
"category": "external",
"summary": "SUSE Bug 1251126 for CVE-2023-53585",
"url": "https://bugzilla.suse.com/1251126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53585"
},
{
"cve": "CVE-2023-53588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn\u0027t even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53588",
"url": "https://www.suse.com/security/cve/CVE-2023-53588"
},
{
"category": "external",
"summary": "SUSE Bug 1251206 for CVE-2023-53588",
"url": "https://bugzilla.suse.com/1251206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53588"
},
{
"cve": "CVE-2023-53593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Release folio lock on fscache read hit.\n\nUnder the current code, when cifs_readpage_worker is called, the call\ncontract is that the callee should unlock the page. This is documented\nin the read_folio section of Documentation/filesystems/vfs.rst as:\n\n\u003e The filesystem should unlock the folio once the read has completed,\n\u003e whether it was successful or not.\n\nWithout this change, when fscache is in use and cache hit occurs during\na read, the page lock is leaked, producing the following stack on\nsubsequent reads (via mmap) to the page:\n\n$ cat /proc/3890/task/12864/stack\n[\u003c0\u003e] folio_wait_bit_common+0x124/0x350\n[\u003c0\u003e] filemap_read_folio+0xad/0xf0\n[\u003c0\u003e] filemap_fault+0x8b1/0xab0\n[\u003c0\u003e] __do_fault+0x39/0x150\n[\u003c0\u003e] do_fault+0x25c/0x3e0\n[\u003c0\u003e] __handle_mm_fault+0x6ca/0xc70\n[\u003c0\u003e] handle_mm_fault+0xe9/0x350\n[\u003c0\u003e] do_user_addr_fault+0x225/0x6c0\n[\u003c0\u003e] exc_page_fault+0x84/0x1b0\n[\u003c0\u003e] asm_exc_page_fault+0x27/0x30\n\nThis requires a reboot to resolve; it is a deadlock.\n\nNote however that the call to cifs_readpage_from_fscache does mark the\npage clean, but does not free the folio lock. This happens in\n__cifs_readpage_from_fscache on success. Releasing the lock at that\npoint however is not appropriate as cifs_readahead also calls\ncifs_readpage_from_fscache and *does* unconditionally release the lock\nafter its return. This change therefore effectively makes\ncifs_readpage_worker work like cifs_readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53593",
"url": "https://www.suse.com/security/cve/CVE-2023-53593"
},
{
"category": "external",
"summary": "SUSE Bug 1251132 for CVE-2023-53593",
"url": "https://bugzilla.suse.com/1251132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53593"
},
{
"cve": "CVE-2023-53596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53596",
"url": "https://www.suse.com/security/cve/CVE-2023-53596"
},
{
"category": "external",
"summary": "SUSE Bug 1251161 for CVE-2023-53596",
"url": "https://bugzilla.suse.com/1251161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53596"
},
{
"cve": "CVE-2023-53597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix mid leak during reconnection after timeout threshold\n\nWhen the number of responses with status of STATUS_IO_TIMEOUT\nexceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect\nthe connection. But we do not return the mid, or the credits\nreturned for the mid, or reduce the number of in-flight requests.\n\nThis bug could result in the server-\u003ein_flight count to go bad,\nand also cause a leak in the mids.\n\nThis change moves the check to a few lines below where the\nresponse is decrypted, even of the response is read from the\ntransform header. This way, the code for returning the mids\ncan be reused.\n\nAlso, the cifs_reconnect was reconnecting just the transport\nconnection before. In case of multi-channel, this may not be\nwhat we want to do after several timeouts. Changed that to\nreconnect the session and the tree too.\n\nAlso renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name\nMAX_STATUS_IO_TIMEOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53597",
"url": "https://www.suse.com/security/cve/CVE-2023-53597"
},
{
"category": "external",
"summary": "SUSE Bug 1251159 for CVE-2023-53597",
"url": "https://bugzilla.suse.com/1251159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53597"
},
{
"cve": "CVE-2023-53599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq-\u003efirst_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq-\u003efirst_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req-\u003edst because req-\u003edst is set to the value of\nareq-\u003efirst_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn\u0027t set areq-\u003efirst_rsgl\nup.\n\nThis isn\u0027t a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req-\u003edst and only uses req-\u003esrc[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n [\u003c000003ff7fc3d47e\u003e] gcm_walk_start+0x16/0x28 [aes_s390]\n [\u003c00000000a2a342f2\u003e] crypto_aead_decrypt+0x9a/0xb8\n [\u003c00000000a2a60888\u003e] aead_recvmsg+0x478/0x698\n [\u003c00000000a2e519a0\u003e] sock_recvmsg+0x70/0xb0\n [\u003c00000000a2e51a56\u003e] sock_read_iter+0x76/0xa0\n [\u003c00000000a273e066\u003e] vfs_read+0x26e/0x2a8\n [\u003c00000000a273e8c4\u003e] ksys_read+0xbc/0x100\n [\u003c00000000a311d808\u003e] __do_syscall+0x1d0/0x1f8\n [\u003c00000000a312ff30\u003e] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [\u003c000003ff7fc3e6b4\u003e] gcm_aes_crypt+0x104/0xa68 [aes_s390]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53599",
"url": "https://www.suse.com/security/cve/CVE-2023-53599"
},
{
"category": "external",
"summary": "SUSE Bug 1251150 for CVE-2023-53599",
"url": "https://bugzilla.suse.com/1251150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53599"
},
{
"cve": "CVE-2023-53600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix kasan splat when generating ipv4 pmtu error\n\nIf we try to emit an icmp error in response to a nonliner skb, we get\n\nBUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220\nRead of size 4 at addr ffff88811c50db00 by task iperf3/1691\nCPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309\n[..]\n kasan_report+0x105/0x140\n ip_compute_csum+0x134/0x220\n iptunnel_pmtud_build_icmp+0x554/0x1020\n skb_tunnel_check_pmtu+0x513/0xb80\n vxlan_xmit_one+0x139e/0x2ef0\n vxlan_xmit+0x1867/0x2760\n dev_hard_start_xmit+0x1ee/0x4f0\n br_dev_queue_push_xmit+0x4d1/0x660\n [..]\n\nip_compute_csum() cannot deal with nonlinear skbs, so avoid it.\nAfter this change, splat is gone and iperf3 is no longer stuck.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53600",
"url": "https://www.suse.com/security/cve/CVE-2023-53600"
},
{
"category": "external",
"summary": "SUSE Bug 1251152 for CVE-2023-53600",
"url": "https://bugzilla.suse.com/1251152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53600"
},
{
"cve": "CVE-2023-53601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: do not assume skb mac_header is set\n\nDrivers must not assume in their ndo_start_xmit() that\nskbs have their mac_header set. skb-\u003edata is all what is needed.\n\nbonding seems to be one of the last offender as caught by syzbot:\n\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 __bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nModules linked in:\nCPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]\nRIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]\nRIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nRIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nRIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nRIP: 0010:__bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nRIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nCode: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe \u003c0f\u003e 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe\nRSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283\nRAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000\nRDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6\nRBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584\nR10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e\nR13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76\nFS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff8471a49f\u003e] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[\u003cffffffff8471a49f\u003e] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380\n[\u003cffffffff851d845b\u003e] dev_direct_xmit include/linux/netdevice.h:3043 [inline]\n[\u003cffffffff851d845b\u003e] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284\n[\u003cffffffff851c7472\u003e] packet_snd net/packet/af_packet.c:3112 [inline]\n[\u003cffffffff851c7472\u003e] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg_nosec net/socket.c:716 [inline]\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg net/socket.c:736 [inline]\n[\u003cffffffff8467a4b2\u003e] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[\u003cffffffff8467a715\u003e] __do_sys_sendto net/socket.c:2151 [inline]\n[\u003cffffffff8467a715\u003e] __se_sys_sendto net/socket.c:2147 [inline]\n[\u003cffffffff8467a715\u003e] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[\u003cffffffff8553071f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff8553071f\u003e] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[\u003cffffffff85600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53601",
"url": "https://www.suse.com/security/cve/CVE-2023-53601"
},
{
"category": "external",
"summary": "SUSE Bug 1251153 for CVE-2023-53601",
"url": "https://bugzilla.suse.com/1251153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53601"
},
{
"cve": "CVE-2023-53602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53602",
"url": "https://www.suse.com/security/cve/CVE-2023-53602"
},
{
"category": "external",
"summary": "SUSE Bug 1251076 for CVE-2023-53602",
"url": "https://bugzilla.suse.com/1251076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53602"
},
{
"cve": "CVE-2023-53603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Avoid fcport pointer dereference\n\nKlocwork reported warning of NULL pointer may be dereferenced. The routine\nexits when sa_ctl is NULL and fcport is allocated after the exit call thus\ncausing NULL fcport pointer to dereference at the time of exit.\n\nTo avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53603",
"url": "https://www.suse.com/security/cve/CVE-2023-53603"
},
{
"category": "external",
"summary": "SUSE Bug 1251180 for CVE-2023-53603",
"url": "https://bugzilla.suse.com/1251180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53603"
},
{
"cve": "CVE-2023-53611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi_si: fix a memleak in try_smi_init()\n\nKmemleak reported the following leak info in try_smi_init():\n\nunreferenced object 0xffff00018ecf9400 (size 1024):\n comm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\n backtrace:\n [\u003c000000004ca5b312\u003e] __kmalloc+0x4b8/0x7b0\n [\u003c00000000953b1072\u003e] try_smi_init+0x148/0x5dc [ipmi_si]\n [\u003c000000006460d325\u003e] 0xffff800081b10148\n [\u003c0000000039206ea5\u003e] do_one_initcall+0x64/0x2a4\n [\u003c00000000601399ce\u003e] do_init_module+0x50/0x300\n [\u003c000000003c12ba3c\u003e] load_module+0x7a8/0x9e0\n [\u003c00000000c246fffe\u003e] __se_sys_init_module+0x104/0x180\n [\u003c00000000eea99093\u003e] __arm64_sys_init_module+0x24/0x30\n [\u003c0000000021b1ef87\u003e] el0_svc_common.constprop.0+0x94/0x250\n [\u003c0000000070f4f8b7\u003e] do_el0_svc+0x48/0xe0\n [\u003c000000005a05337f\u003e] el0_svc+0x24/0x3c\n [\u003c000000005eb248d6\u003e] el0_sync_handler+0x160/0x164\n [\u003c0000000030a59039\u003e] el0_sync+0x160/0x180\n\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi-\u003esi_sm`, the variable wouldn\u0027t be freed in\nthe error handling afterwards since `shutdown_smi()` hadn\u0027t been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53611",
"url": "https://www.suse.com/security/cve/CVE-2023-53611"
},
{
"category": "external",
"summary": "SUSE Bug 1251123 for CVE-2023-53611",
"url": "https://bugzilla.suse.com/1251123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53611"
},
{
"cve": "CVE-2023-53613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: Fix dax_mapping_release() use after free\n\nA CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region\nprovider (like modprobe -r dax_hmem) yields:\n\n kobject: \u0027mapping0\u0027 (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000)\n [..]\n DEBUG_LOCKS_WARN_ON(1)\n WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260\n [..]\n RIP: 0010:__lock_acquire+0x9fc/0x2260\n [..]\n Call Trace:\n \u003cTASK\u003e\n [..]\n lock_acquire+0xd4/0x2c0\n ? ida_free+0x62/0x130\n _raw_spin_lock_irqsave+0x47/0x70\n ? ida_free+0x62/0x130\n ida_free+0x62/0x130\n dax_mapping_release+0x1f/0x30\n device_release+0x36/0x90\n kobject_delayed_cleanup+0x46/0x150\n\nDue to attempting ida_free() on an ida object that has already been\nfreed. Devices typically only hold a reference on their parent while\nregistered. If a child needs a parent object to complete its release it\nneeds to hold a reference that it drops from its release callback.\nArrange for a dax_mapping to pin its parent dev_dax instance until\ndax_mapping_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53613",
"url": "https://www.suse.com/security/cve/CVE-2023-53613"
},
{
"category": "external",
"summary": "SUSE Bug 1251119 for CVE-2023-53613",
"url": "https://bugzilla.suse.com/1251119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53613"
},
{
"cve": "CVE-2023-53615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here\u0027s the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53615",
"url": "https://www.suse.com/security/cve/CVE-2023-53615"
},
{
"category": "external",
"summary": "SUSE Bug 1251113 for CVE-2023-53615",
"url": "https://bugzilla.suse.com/1251113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53615"
},
{
"cve": "CVE-2023-53616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix invalid free of JFS_IP(ipimap)-\u003ei_imap in diUnmount\n\nsyzbot found an invalid-free in diUnmount:\n\nBUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674\nFree of addr ffff88806f410000 by task syz-executor131/3632\n\n CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1724 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750\n slab_free mm/slub.c:3661 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3674\n diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195\n jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1428\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1186\n task_work_run+0x243/0x300 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x664/0x2070 kernel/exit.c:820\n do_group_exit+0x1fd/0x2b0 kernel/exit.c:950\n __do_sys_exit_group kernel/exit.c:961 [inline]\n __se_sys_exit_group kernel/exit.c:959 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_IP(ipimap)-\u003ei_imap is not setting to NULL after free in diUnmount.\nIf jfs_remount() free JFS_IP(ipimap)-\u003ei_imap but then failed at diMount().\nJFS_IP(ipimap)-\u003ei_imap will be freed once again.\nFix this problem by setting JFS_IP(ipimap)-\u003ei_imap to NULL after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53616",
"url": "https://www.suse.com/security/cve/CVE-2023-53616"
},
{
"category": "external",
"summary": "SUSE Bug 1251215 for CVE-2023-53616",
"url": "https://bugzilla.suse.com/1251215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53616"
},
{
"cve": "CVE-2023-53617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: socinfo: Add kfree for kstrdup\n\nAdd kfree() in the later error handling in order to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53617",
"url": "https://www.suse.com/security/cve/CVE-2023-53617"
},
{
"category": "external",
"summary": "SUSE Bug 1251268 for CVE-2023-53617",
"url": "https://bugzilla.suse.com/1251268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53617"
},
{
"cve": "CVE-2023-53618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject invalid reloc tree root keys with stack dump\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\nThat ASSERT() makes sure the reloc tree is properly pointed back by its\nsubvolume tree.\n\n[CAUSE]\nAfter more debugging output, it turns out we had an invalid reloc tree:\n\n BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17\n\nNote the above root key is (TREE_RELOC_OBJECTID, ROOT_ITEM,\nQUOTA_TREE_OBJECTID), meaning it\u0027s a reloc tree for quota tree.\n\nBut reloc trees can only exist for subvolumes, as for non-subvolume\ntrees, we just COW the involved tree block, no need to create a reloc\ntree since those tree blocks won\u0027t be shared with other trees.\n\nOnly subvolumes tree can share tree blocks with other trees (thus they\nhave BTRFS_ROOT_SHAREABLE flag).\n\nThus this new debug output proves my previous assumption that corrupted\non-disk data can trigger that ASSERT().\n\n[FIX]\nBesides the dedicated fix and the graceful exit, also let tree-checker to\ncheck such root keys, to make sure reloc trees can only exist for subvolumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53618",
"url": "https://www.suse.com/security/cve/CVE-2023-53618"
},
{
"category": "external",
"summary": "SUSE Bug 1251748 for CVE-2023-53618",
"url": "https://bugzilla.suse.com/1251748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53618"
},
{
"cve": "CVE-2023-53619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53619",
"url": "https://www.suse.com/security/cve/CVE-2023-53619"
},
{
"category": "external",
"summary": "SUSE Bug 1251743 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "external",
"summary": "SUSE Bug 1251745 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53619"
},
{
"cve": "CVE-2023-53621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcontrol: ensure memcg acquired by id is properly set up\n\nIn the eviction recency check, we attempt to retrieve the memcg to which\nthe folio belonged when it was evicted, by the memcg id stored in the\nshadow entry. However, there is a chance that the retrieved memcg is not\nthe original memcg that has been killed, but a new one which happens to\nhave the same id.\n\nThis is a somewhat unfortunate, but acceptable and rare inaccuracy in the\nheuristics. However, if we retrieve this new memcg between its allocation\nand when it is properly attached to the memcg hierarchy, we could run into\nthe following NULL pointer exception during the memcg hierarchy traversal\ndone in mem_cgroup_get_nr_swap_pages():\n\n[ 155757.793456] BUG: kernel NULL pointer dereference, address: 00000000000000c0\n[ 155757.807568] #PF: supervisor read access in kernel mode\n[ 155757.818024] #PF: error_code(0x0000) - not-present page\n[ 155757.828482] PGD 401f77067 P4D 401f77067 PUD 401f76067 PMD 0\n[ 155757.839985] Oops: 0000 [#1] SMP\n[ 155757.887870] RIP: 0010:mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155757.899377] Code: 29 19 4a 02 48 39 f9 74 63 48 8b 97 c0 00 00 00 48 8b b7 58 02 00 00 48 2b b7 c0 01 00 00 48 39 f0 48 0f 4d c6 48 39 d1 74 42 \u003c48\u003e 8b b2 c0 00 00 00 48 8b ba 58 02 00 00 48 2b ba c0 01 00 00 48\n[ 155757.937125] RSP: 0018:ffffc9002ecdfbc8 EFLAGS: 00010286\n[ 155757.947755] RAX: 00000000003a3b1c RBX: 000007ffffffffff RCX: ffff888280183000\n[ 155757.962202] RDX: 0000000000000000 RSI: 0007ffffffffffff RDI: ffff888bbc2d1000\n[ 155757.976648] RBP: 0000000000000001 R08: 000000000000000b R09: ffff888ad9cedba0\n[ 155757.991094] R10: ffffea0039c07900 R11: 0000000000000010 R12: ffff888b23a7b000\n[ 155758.005540] R13: 0000000000000000 R14: ffff888bbc2d1000 R15: 000007ffffc71354\n[ 155758.019991] FS: 00007f6234c68640(0000) GS:ffff88903f9c0000(0000) knlGS:0000000000000000\n[ 155758.036356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 155758.048023] CR2: 00000000000000c0 CR3: 0000000a83eb8004 CR4: 00000000007706e0\n[ 155758.062473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 155758.076924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 155758.091376] PKRU: 55555554\n[ 155758.096957] Call Trace:\n[ 155758.102016] \u003cTASK\u003e\n[ 155758.106502] ? __die+0x78/0xc0\n[ 155758.112793] ? page_fault_oops+0x286/0x380\n[ 155758.121175] ? exc_page_fault+0x5d/0x110\n[ 155758.129209] ? asm_exc_page_fault+0x22/0x30\n[ 155758.137763] ? mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155758.148060] workingset_test_recent+0xda/0x1b0\n[ 155758.157133] workingset_refault+0xca/0x1e0\n[ 155758.165508] filemap_add_folio+0x4d/0x70\n[ 155758.173538] page_cache_ra_unbounded+0xed/0x190\n[ 155758.182919] page_cache_sync_ra+0xd6/0x1e0\n[ 155758.191738] filemap_read+0x68d/0xdf0\n[ 155758.199495] ? mlx5e_napi_poll+0x123/0x940\n[ 155758.207981] ? __napi_schedule+0x55/0x90\n[ 155758.216095] __x64_sys_pread64+0x1d6/0x2c0\n[ 155758.224601] do_syscall_64+0x3d/0x80\n[ 155758.232058] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 155758.242473] RIP: 0033:0x7f62c29153b5\n[ 155758.249938] Code: e8 48 89 75 f0 89 7d f8 48 89 4d e0 e8 b4 e6 f7 ff 41 89 c0 4c 8b 55 e0 48 8b 55 e8 48 8b 75 f0 8b 7d f8 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 e7 e6 f7 ff 48 8b\n[ 155758.288005] RSP: 002b:00007f6234c5ffd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 155758.303474] RAX: ffffffffffffffda RBX: 00007f628c4e70c0 RCX: 00007f62c29153b5\n[ 155758.318075] RDX: 000000000003c041 RSI: 00007f61d2986000 RDI: 0000000000000076\n[ 155758.332678] RBP: 00007f6234c5fff0 R08: 0000000000000000 R09: 0000000064d5230c\n[ 155758.347452] R10: 000000000027d450 R11: 0000000000000293 R12: 000000000003c041\n[ 155758.362044] R13: 00007f61d2986000 R14: 00007f629e11b060 R15: 000000000027d450\n[ 155758.376661] \u003c/TASK\u003e\n\nThis patch fixes the issue by moving the memcg\u0027s id publication from the\nalloc stage to \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53621",
"url": "https://www.suse.com/security/cve/CVE-2023-53621"
},
{
"category": "external",
"summary": "SUSE Bug 1251323 for CVE-2023-53621",
"url": "https://bugzilla.suse.com/1251323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53621"
},
{
"cve": "CVE-2023-53622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix possible data races in gfs2_show_options()\n\nSome fields such as gt_logd_secs of the struct gfs2_tune are accessed\nwithout holding the lock gt_spin in gfs2_show_options():\n\n val = sdp-\u003esd_tune.gt_logd_secs;\n if (val != 30)\n seq_printf(s, \",commit=%d\", val);\n\nAnd thus can cause data races when gfs2_show_options() and other functions\nsuch as gfs2_reconfigure() are concurrently executed:\n\n spin_lock(\u0026gt-\u003egt_spin);\n gt-\u003egt_logd_secs = newargs-\u003ear_commit;\n\nTo fix these possible data races, the lock sdp-\u003esd_tune.gt_spin is\nacquired before accessing the fields of gfs2_tune and released after these\naccesses.\n\nFurther changes by Andreas:\n\n- Don\u0027t hold the spin lock over the seq_printf operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53622",
"url": "https://www.suse.com/security/cve/CVE-2023-53622"
},
{
"category": "external",
"summary": "SUSE Bug 1251777 for CVE-2023-53622",
"url": "https://bugzilla.suse.com/1251777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53622"
},
{
"cve": "CVE-2023-53631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-sysman: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(),\na reference to that attribute is returned. This means\nthat we need to dispose it accordingly. Use kobject_put()\nto dispose the duplicate attribute in such a case.\n\nCompile-tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53631",
"url": "https://www.suse.com/security/cve/CVE-2023-53631"
},
{
"category": "external",
"summary": "SUSE Bug 1251529 for CVE-2023-53631",
"url": "https://bugzilla.suse.com/1251529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53631"
},
{
"cve": "CVE-2023-53632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take RTNL lock when needed before calling xdp_set_features()\n\nHold RTNL lock when calling xdp_set_features() with a registered netdev,\nas the call triggers the netdev notifiers. This could happen when\nswitching from uplink rep to nic profile for example.\n\nThis resolves the following call trace:\n\nRTNL: assertion failed at net/core/dev.c (1953)\nWARNING: CPU: 6 PID: 112670 at net/core/dev.c:1953 call_netdevice_notifiers_info+0x7c/0x80\nModules linked in: sch_mqprio sch_mqprio_lib act_tunnel_key act_mirred act_skbedit cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress bonding ib_umad ip_gre rdma_ucm mlx5_vfio_pci ipip tunnel4 ip6_gre gre mlx5_ib vfio_pci vfio_pci_core vfio_iommu_type1 ib_uverbs vfio mlx5_core ib_ipoib geneve nf_tables ip6_tunnel tunnel6 iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\nCPU: 6 PID: 112670 Comm: devlink Not tainted 6.4.0-rc7_for_upstream_min_debug_2023_06_28_17_02 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:call_netdevice_notifiers_info+0x7c/0x80\nCode: 90 ff 80 3d 2d 6b f7 00 00 75 c5 ba a1 07 00 00 48 c7 c6 e4 ce 0b 82 48 c7 c7 c8 f4 04 82 c6 05 11 6b f7 00 01 e8 a4 7c 8e ff \u003c0f\u003e 0b eb a2 0f 1f 44 00 00 55 48 89 e5 41 54 48 83 e4 f0 48 83 ec\nRSP: 0018:ffff8882a21c3948 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff82e6f880 RCX: 0000000000000027\nRDX: ffff88885f99b5c8 RSI: 0000000000000001 RDI: ffff88885f99b5c0\nRBP: 0000000000000028 R08: ffff88887ffabaa8 R09: 0000000000000003\nR10: ffff88887fecbac0 R11: ffff88887ff7bac0 R12: ffff8882a21c3968\nR13: ffff88811c018940 R14: 0000000000000000 R15: ffff8881274401a0\nFS: 00007fe141c81800(0000) GS:ffff88885f980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f787c28b948 CR3: 000000014bcf3005 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x79/0x120\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? report_bug+0x17c/0x190\n ? handle_bug+0x3c/0x60\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? call_netdevice_notifiers_info+0x7c/0x80\n call_netdevice_notifiers+0x2e/0x50\n mlx5e_set_xdp_feature+0x21/0x50 [mlx5_core]\n mlx5e_nic_init+0xf1/0x1a0 [mlx5_core]\n mlx5e_netdev_init_profile+0x76/0x110 [mlx5_core]\n mlx5e_netdev_attach_profile+0x1f/0x90 [mlx5_core]\n mlx5e_netdev_change_profile+0x92/0x160 [mlx5_core]\n mlx5e_netdev_attach_nic_profile+0x1b/0x30 [mlx5_core]\n mlx5e_vport_rep_unload+0xaa/0xc0 [mlx5_core]\n __esw_offloads_unload_rep+0x52/0x60 [mlx5_core]\n mlx5_esw_offloads_rep_unload+0x52/0x70 [mlx5_core]\n esw_offloads_unload_rep+0x34/0x70 [mlx5_core]\n esw_offloads_disable+0x2b/0x90 [mlx5_core]\n mlx5_eswitch_disable_locked+0x1b9/0x210 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0xf5/0x630 [mlx5_core]\n ? devlink_get_from_attrs_lock+0x9e/0x110\n devlink_nl_cmd_eswitch_set_doit+0x60/0xe0\n genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n genl_rcv_msg+0x17d/0x2b0\n ? devlink_get_from_attrs_lock+0x110/0x110\n ? devlink_nl_cmd_eswitch_get_doit+0x290/0x290\n ? devlink_pernet_pre_exit+0xf0/0xf0\n ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1f6/0x2c0\n netlink_sendmsg+0x232/0x4a0\n sock_sendmsg+0x38/0x60\n ? _copy_from_user+0x2a/0x60\n __sys_sendto+0x110/0x160\n ? __count_memcg_events+0x48/0x90\n ? handle_mm_fault+0x161/0x260\n ? do_user_addr_fault+0x278/0x6e0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53632",
"url": "https://www.suse.com/security/cve/CVE-2023-53632"
},
{
"category": "external",
"summary": "SUSE Bug 1251269 for CVE-2023-53632",
"url": "https://bugzilla.suse.com/1251269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53632"
},
{
"cve": "CVE-2023-53633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix a leak in map_user_pages()\n\nIf get_user_pages_fast() allocates some pages but not as many as we\nwanted, then the current code leaks those pages. Call put_page() on\nthe pages before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53633",
"url": "https://www.suse.com/security/cve/CVE-2023-53633"
},
{
"category": "external",
"summary": "SUSE Bug 1251746 for CVE-2023-53633",
"url": "https://bugzilla.suse.com/1251746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53633"
},
{
"cve": "CVE-2023-53638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: cancel queued works in probe error path\n\nIf it fails to get the devices\u0027s MAC address, octep_probe exits while\nleaving the delayed work intr_poll_task queued. When the work later\nruns, it\u0027s a use after free.\n\nMove the cancelation of intr_poll_task from octep_remove into\noctep_device_cleanup. This does not change anything in the octep_remove\nflow, but octep_device_cleanup is called also in the octep_probe error\npath, where the cancelation is needed.\n\nNote that the cancelation of ctrl_mbox_task has to follow\nintr_poll_task\u0027s, because the ctrl_mbox_task may be queued by\nintr_poll_task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53638",
"url": "https://www.suse.com/security/cve/CVE-2023-53638"
},
{
"category": "external",
"summary": "SUSE Bug 1251328 for CVE-2023-53638",
"url": "https://bugzilla.suse.com/1251328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53638"
},
{
"cve": "CVE-2023-53645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53645"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make bpf_refcount_acquire fallible for non-owning refs\n\nThis patch fixes an incorrect assumption made in the original\nbpf_refcount series [0], specifically that the BPF program calling\nbpf_refcount_acquire on some node can always guarantee that the node is\nalive. In that series, the patch adding failure behavior to rbtree_add\nand list_push_{front, back} breaks this assumption for non-owning\nreferences.\n\nConsider the following program:\n\n n = bpf_kptr_xchg(\u0026mapval, NULL);\n /* skip error checking */\n\n bpf_spin_lock(\u0026l);\n if(bpf_rbtree_add(\u0026t, \u0026n-\u003erb, less)) {\n bpf_refcount_acquire(n);\n /* Failed to add, do something else with the node */\n }\n bpf_spin_unlock(\u0026l);\n\nIt\u0027s incorrect to assume that bpf_refcount_acquire will always succeed in this\nscenario. bpf_refcount_acquire is being called in a critical section\nhere, but the lock being held is associated with rbtree t, which isn\u0027t\nnecessarily the lock associated with the tree that the node is already\nin. So after bpf_rbtree_add fails to add the node and calls bpf_obj_drop\nin it, the program has no ownership of the node\u0027s lifetime. Therefore\nthe node\u0027s refcount can be decr\u0027d to 0 at any time after the failing\nrbtree_add. If this happens before the refcount_acquire above, the node\nmight be free\u0027d, and regardless refcount_acquire will be incrementing a\n0 refcount.\n\nLater patches in the series exercise this scenario, resulting in the\nexpected complaint from the kernel (without this patch\u0027s changes):\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 207 at lib/refcount.c:25 refcount_warn_saturate+0xbc/0x110\n Modules linked in: bpf_testmod(O)\n CPU: 1 PID: 207 Comm: test_progs Tainted: G O 6.3.0-rc7-02231-g723de1a718a2-dirty #371\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n RIP: 0010:refcount_warn_saturate+0xbc/0x110\n Code: 6f 64 f6 02 01 e8 84 a3 5c ff 0f 0b eb 9d 80 3d 5e 64 f6 02 00 75 94 48 c7 c7 e0 13 d2 82 c6 05 4e 64 f6 02 01 e8 64 a3 5c ff \u003c0f\u003e 0b e9 7a ff ff ff 80 3d 38 64 f6 02 00 0f 85 6d ff ff ff 48 c7\n RSP: 0018:ffff88810b9179b0 EFLAGS: 00010082\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000202 RSI: 0000000000000008 RDI: ffffffff857c3680\n RBP: ffff88810027d3c0 R08: ffffffff8125f2a4 R09: ffff88810b9176e7\n R10: ffffed1021722edc R11: 746e756f63666572 R12: ffff88810027d388\n R13: ffff88810027d3c0 R14: ffffc900005fe030 R15: ffffc900005fe048\n FS: 00007fee0584a700(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005634a96f6c58 CR3: 0000000108ce9002 CR4: 0000000000770ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n bpf_refcount_acquire_impl+0xb5/0xc0\n\n (rest of output snipped)\n\nThe patch addresses this by changing bpf_refcount_acquire_impl to use\nrefcount_inc_not_zero instead of refcount_inc and marking\nbpf_refcount_acquire KF_RET_NULL.\n\nFor owning references, though, we know the above scenario is not possible\nand thus that bpf_refcount_acquire will always succeed. Some verifier\nbookkeeping is added to track \"is input owning ref?\" for bpf_refcount_acquire\ncalls and return false from is_kfunc_ret_null for bpf_refcount_acquire on\nowning refs despite it being marked KF_RET_NULL.\n\nExisting selftests using bpf_refcount_acquire are modified where\nnecessary to NULL-check its return value.\n\n [0]: https://lore.kernel.org/bpf/20230415201811.343116-1-davemarchevsky@fb.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53645",
"url": "https://www.suse.com/security/cve/CVE-2023-53645"
},
{
"category": "external",
"summary": "SUSE Bug 1251321 for CVE-2023-53645",
"url": "https://bugzilla.suse.com/1251321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53645"
},
{
"cve": "CVE-2023-53646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/perf: add sentinel to xehp_oa_b_counters\n\nArrays passed to reg_in_range_table should end with empty record.\n\nThe patch solves KASAN detected bug with signature:\nBUG: KASAN: global-out-of-bounds in xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\nRead of size 4 at addr ffffffffa1555d90 by task perf/1518\n\nCPU: 4 PID: 1518 Comm: perf Tainted: G U 6.4.0-kasan_438-g3303d06107f3+ #1\nHardware name: Intel Corporation Meteor Lake Client Platform/MTL-P DDR5 SODIMM SBS RVP, BIOS MTLPFWI1.R00.3223.D80.2305311348 05/31/2023\nCall Trace:\n\u003cTASK\u003e\n...\nxehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\n\n(cherry picked from commit 2f42c5afb34b5696cf5fe79e744f99be9b218798)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53646",
"url": "https://www.suse.com/security/cve/CVE-2023-53646"
},
{
"category": "external",
"summary": "SUSE Bug 1251742 for CVE-2023-53646",
"url": "https://bugzilla.suse.com/1251742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53646"
},
{
"cve": "CVE-2023-53647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53647",
"url": "https://www.suse.com/security/cve/CVE-2023-53647"
},
{
"category": "external",
"summary": "SUSE Bug 1251732 for CVE-2023-53647",
"url": "https://bugzilla.suse.com/1251732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53647"
},
{
"cve": "CVE-2023-53648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53648",
"url": "https://www.suse.com/security/cve/CVE-2023-53648"
},
{
"category": "external",
"summary": "SUSE Bug 1251750 for CVE-2023-53648",
"url": "https://bugzilla.suse.com/1251750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53648"
},
{
"cve": "CVE-2023-53649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53649"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf trace: Really free the evsel-\u003epriv area\n\nIn 3cb4d5e00e037c70 (\"perf trace: Free syscall tp fields in\nevsel-\u003epriv\") it only was freeing if strcmp(evsel-\u003etp_format-\u003esystem,\n\"syscalls\") returned zero, while the corresponding initialization of\nevsel-\u003epriv was being performed if it was _not_ zero, i.e. if the tp\nsystem wasn\u0027t \u0027syscalls\u0027.\n\nJust stop looking for that and free it if evsel-\u003epriv was set, which\nshould be equivalent.\n\nAlso use the pre-existing evsel_trace__delete() function.\n\nThis resolves these leaks, detected with:\n\n $ make EXTRA_CFLAGS=\"-fsanitize=address\" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin\n\n =================================================================\n ==481565==ERROR: LeakSanitizer: detected memory leaks\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212\n #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205\n #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).\n [root@quaco ~]#\n\nWith this we plug all leaks with \"perf trace sleep 1\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53649",
"url": "https://www.suse.com/security/cve/CVE-2023-53649"
},
{
"category": "external",
"summary": "SUSE Bug 1251749 for CVE-2023-53649",
"url": "https://bugzilla.suse.com/1251749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53649"
},
{
"cve": "CVE-2023-53650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf \u0027mipid_detect()\u0027 fails, we must free \u0027md\u0027 to avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53650",
"url": "https://www.suse.com/security/cve/CVE-2023-53650"
},
{
"category": "external",
"summary": "SUSE Bug 1251283 for CVE-2023-53650",
"url": "https://bugzilla.suse.com/1251283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53650"
},
{
"cve": "CVE-2023-53652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add features attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa features attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53652",
"url": "https://www.suse.com/security/cve/CVE-2023-53652"
},
{
"category": "external",
"summary": "SUSE Bug 1251754 for CVE-2023-53652",
"url": "https://bugzilla.suse.com/1251754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53652"
},
{
"cve": "CVE-2023-53653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: fix REVERSE_INULL issues reported by coverity\n\nnull-checking of a pointor is suggested before dereferencing it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53653",
"url": "https://www.suse.com/security/cve/CVE-2023-53653"
},
{
"category": "external",
"summary": "SUSE Bug 1251755 for CVE-2023-53653",
"url": "https://bugzilla.suse.com/1251755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53653"
},
{
"cve": "CVE-2023-53654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53654",
"url": "https://www.suse.com/security/cve/CVE-2023-53654"
},
{
"category": "external",
"summary": "SUSE Bug 1251756 for CVE-2023-53654",
"url": "https://bugzilla.suse.com/1251756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53654"
},
{
"cve": "CVE-2023-53656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: Don\u0027t migrate perf to the CPU going to teardown\n\nThe driver needs to migrate the perf context if the current using CPU going\nto teardown. By the time calling the cpuhp::teardown() callback the\ncpu_online_mask() hasn\u0027t updated yet and still includes the CPU going to\nteardown. In current driver\u0027s implementation we may migrate the context\nto the teardown CPU and leads to the below calltrace:\n\n...\n[ 368.104662][ T932] task:cpuhp/0 state:D stack: 0 pid: 15 ppid: 2 flags:0x00000008\n[ 368.113699][ T932] Call trace:\n[ 368.116834][ T932] __switch_to+0x7c/0xbc\n[ 368.120924][ T932] __schedule+0x338/0x6f0\n[ 368.125098][ T932] schedule+0x50/0xe0\n[ 368.128926][ T932] schedule_preempt_disabled+0x18/0x24\n[ 368.134229][ T932] __mutex_lock.constprop.0+0x1d4/0x5dc\n[ 368.139617][ T932] __mutex_lock_slowpath+0x1c/0x30\n[ 368.144573][ T932] mutex_lock+0x50/0x60\n[ 368.148579][ T932] perf_pmu_migrate_context+0x84/0x2b0\n[ 368.153884][ T932] hisi_pcie_pmu_offline_cpu+0x90/0xe0 [hisi_pcie_pmu]\n[ 368.160579][ T932] cpuhp_invoke_callback+0x2a0/0x650\n[ 368.165707][ T932] cpuhp_thread_fun+0xe4/0x190\n[ 368.170316][ T932] smpboot_thread_fn+0x15c/0x1a0\n[ 368.175099][ T932] kthread+0x108/0x13c\n[ 368.179012][ T932] ret_from_fork+0x10/0x18\n...\n\nUse function cpumask_any_but() to find one correct active cpu to fixes\nthis issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53656",
"url": "https://www.suse.com/security/cve/CVE-2023-53656"
},
{
"category": "external",
"summary": "SUSE Bug 1251758 for CVE-2023-53656",
"url": "https://bugzilla.suse.com/1251758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53656"
},
{
"cve": "CVE-2023-53657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53657"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53657",
"url": "https://www.suse.com/security/cve/CVE-2023-53657"
},
{
"category": "external",
"summary": "SUSE Bug 1251319 for CVE-2023-53657",
"url": "https://bugzilla.suse.com/1251319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53657"
},
{
"cve": "CVE-2023-53658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm-qspi: return error if neither hif_mspi nor mspi is available\n\nIf neither a \"hif_mspi\" nor \"mspi\" resource is present, the driver will\njust early exit in probe but still return success. Apart from not doing\nanything meaningful, this would then also lead to a null pointer access\non removal, as platform_get_drvdata() would return NULL, which it would\nthen try to dereference when trying to unregister the spi master.\n\nFix this by unconditionally calling devm_ioremap_resource(), as it can\nhandle a NULL res and will then return a viable ERR_PTR() if we get one.\n\nThe \"return 0;\" was previously a \"goto qspi_resource_err;\" where then\nret was returned, but since ret was still initialized to 0 at this place\nthis was a valid conversion in 63c5395bb7a9 (\"spi: bcm-qspi: Fix\nuse-after-free on unbind\"). The issue was not introduced by this commit,\nonly made more obvious.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53658",
"url": "https://www.suse.com/security/cve/CVE-2023-53658"
},
{
"category": "external",
"summary": "SUSE Bug 1251759 for CVE-2023-53658",
"url": "https://bugzilla.suse.com/1251759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53658"
},
{
"cve": "CVE-2023-53659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix out-of-bounds when setting channels on remove\n\nIf we set channels greater during iavf_remove(), and waiting reset done\nwould be timeout, then returned with error but changed num_active_queues\ndirectly, that will lead to OOB like the following logs. Because the\nnum_active_queues is greater than tx/rx_rings[] allocated actually.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 3506.152887] iavf 0000:41:02.0: Removing device\n[ 3510.400799] ==================================================================\n[ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536\n[ 3510.400823]\n[ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 3510.400835] Call Trace:\n[ 3510.400851] dump_stack+0x71/0xab\n[ 3510.400860] print_address_description+0x6b/0x290\n[ 3510.400865] ? iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400868] kasan_report+0x14a/0x2b0\n[ 3510.400873] iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400880] iavf_remove+0x2b6/0xc70 [iavf]\n[ 3510.400884] ? iavf_free_all_rx_resources+0x160/0x160 [iavf]\n[ 3510.400891] ? wait_woken+0x1d0/0x1d0\n[ 3510.400895] ? notifier_call_chain+0xc1/0x130\n[ 3510.400903] pci_device_remove+0xa8/0x1f0\n[ 3510.400910] device_release_driver_internal+0x1c6/0x460\n[ 3510.400916] pci_stop_bus_device+0x101/0x150\n[ 3510.400919] pci_stop_and_remove_bus_device+0xe/0x20\n[ 3510.400924] pci_iov_remove_virtfn+0x187/0x420\n[ 3510.400927] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 3510.400929] ? pci_get_subsys+0x90/0x90\n[ 3510.400932] sriov_disable+0xed/0x3e0\n[ 3510.400936] ? bus_find_device+0x12d/0x1a0\n[ 3510.400953] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 3510.400966] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 3510.400968] ? pci_get_device+0x7c/0x90\n[ 3510.400970] ? pci_get_subsys+0x90/0x90\n[ 3510.400982] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 3510.400987] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.400996] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 3510.401001] sriov_numvfs_store+0x214/0x290\n[ 3510.401005] ? sriov_totalvfs_show+0x30/0x30\n[ 3510.401007] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.401011] ? __check_object_size+0x15a/0x350\n[ 3510.401018] kernfs_fop_write+0x280/0x3f0\n[ 3510.401022] vfs_write+0x145/0x440\n[ 3510.401025] ksys_write+0xab/0x160\n[ 3510.401028] ? __ia32_sys_read+0xb0/0xb0\n[ 3510.401031] ? fput_many+0x1a/0x120\n[ 3510.401032] ? filp_close+0xf0/0x130\n[ 3510.401038] do_syscall_64+0xa0/0x370\n[ 3510.401041] ? page_fault+0x8/0x30\n[ 3510.401043] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 3510.401073] RIP: 0033:0x7f3a9bb842c0\n[ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53659",
"url": "https://www.suse.com/security/cve/CVE-2023-53659"
},
{
"category": "external",
"summary": "SUSE Bug 1251247 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "external",
"summary": "SUSE Bug 1251248 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2023-53659"
},
{
"cve": "CVE-2023-53660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Handle skb as well when clean up ptr_ring\n\nThe following warning was reported when running xdp_redirect_cpu with\nboth skb-mode and stress-mode enabled:\n\n ------------[ cut here ]------------\n Incorrect XDP memory type (-2128176192) usage\n WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405\n Modules linked in:\n CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events __cpu_map_entry_free\n RIP: 0010:__xdp_return+0x1e4/0x4a0\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ? __xdp_return+0x1e4/0x4a0\n ......\n xdp_return_frame+0x4d/0x150\n __cpu_map_entry_free+0xf9/0x230\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe reason for the warning is twofold. One is due to the kthread\ncpu_map_kthread_run() is stopped prematurely. Another one is\n__cpu_map_ring_cleanup() doesn\u0027t handle skb mode and treats skbs in\nptr_ring as XDP frames.\n\nPrematurely-stopped kthread will be fixed by the preceding patch and\nptr_ring will be empty when __cpu_map_ring_cleanup() is called. But\nas the comments in __cpu_map_ring_cleanup() said, handling and freeing\nskbs in ptr_ring as well to \"catch any broken behaviour gracefully\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53660",
"url": "https://www.suse.com/security/cve/CVE-2023-53660"
},
{
"category": "external",
"summary": "SUSE Bug 1251721 for CVE-2023-53660",
"url": "https://bugzilla.suse.com/1251721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53660"
},
{
"cve": "CVE-2023-53662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}\n\nIf the filename casefolding fails, we\u0027ll be leaking memory from the\nfscrypt_name struct, namely from the \u0027crypto_buf.name\u0027 member.\n\nMake sure we free it in the error path on both ext4_fname_setup_filename()\nand ext4_fname_prepare_lookup() functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53662",
"url": "https://www.suse.com/security/cve/CVE-2023-53662"
},
{
"category": "external",
"summary": "SUSE Bug 1251282 for CVE-2023-53662",
"url": "https://bugzilla.suse.com/1251282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53662"
},
{
"cve": "CVE-2023-53663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Check instead of asserting on nested TSC scaling support\n\nCheck for nested TSC scaling support on nested SVM VMRUN instead of\nasserting that TSC scaling is exposed to L1 if L1\u0027s MSR_AMD64_TSC_RATIO\nhas diverged from KVM\u0027s default. Userspace can trigger the WARN at will\nby writing the MSR and then updating guest CPUID to hide the feature\n(modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking\nKVM\u0027s state_test selftest to do\n\n\t\tvcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n\t\tvcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699\n nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]\n Call Trace:\n \u003cTASK\u003e\n enter_svm_guest_mode+0x114/0x560 [kvm_amd]\n nested_svm_vmrun+0x260/0x330 [kvm_amd]\n vmrun_interception+0x29/0x30 [kvm_amd]\n svm_invoke_exit_handler+0x35/0x100 [kvm_amd]\n svm_handle_exit+0xe7/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x45ca1b\n\nNote, the nested #VMEXIT path has the same flaw, but needs a different\nfix and will be handled separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53663",
"url": "https://www.suse.com/security/cve/CVE-2023-53663"
},
{
"category": "external",
"summary": "SUSE Bug 1251290 for CVE-2023-53663",
"url": "https://bugzilla.suse.com/1251290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53663"
},
{
"cve": "CVE-2023-53665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: don\u0027t dereference mddev after export_rdev()\n\nExcept for initial reference, mddev-\u003ekobject is referenced by\nrdev-\u003ekobject, and if the last rdev is freed, there is no guarantee that\nmddev is still valid. Hence mddev should not be used anymore after\nexport_rdev().\n\nThis problem can be triggered by following test for mdadm at very\nlow rate:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n pill -9 $pid\n echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap \u0027clean_up_test\u0027 EXIT\n\nadd_by_sysfs() {\n while true; do\n echo $devt \u003e /sys/block/md0/md/new_dev\n done\n}\n\nremove_by_sysfs(){\n while true; do\n echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\ngeneral protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bcb: 0000 [#4] PREEMPT SMP\nCPU: 0 PID: 1292 Comm: test Tainted: G D W 6.5.0-rc2-00121-g01e55c376936 #562\nRIP: 0010:md_wakeup_thread+0x9e/0x320 [md_mod]\nCall Trace:\n \u003cTASK\u003e\n mddev_unlock+0x1b6/0x310 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix this problem by don\u0027t dereference mddev after export_rdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53665",
"url": "https://www.suse.com/security/cve/CVE-2023-53665"
},
{
"category": "external",
"summary": "SUSE Bug 1251270 for CVE-2023-53665",
"url": "https://bugzilla.suse.com/1251270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53665"
},
{
"cve": "CVE-2023-53666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix missing mbhc init error handling\n\nMBHC initialisation can fail so add the missing error handling to avoid\ndereferencing an error pointer when later configuring the jack:\n\n Unable to handle kernel paging request at virtual address fffffffffffffff8\n\n pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n\n Call trace:\n wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]\n qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]\n sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]\n snd_soc_link_init+0x28/0x90 [snd_soc_core]\n snd_soc_bind_card+0x628/0xbfc [snd_soc_core]\n snd_soc_register_card+0xec/0x104 [snd_soc_core]\n devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]\n sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53666",
"url": "https://www.suse.com/security/cve/CVE-2023-53666"
},
{
"category": "external",
"summary": "SUSE Bug 1251760 for CVE-2023-53666",
"url": "https://bugzilla.suse.com/1251760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53666"
},
{
"cve": "CVE-2023-53668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix deadloop issue on reading trace_pipe\n\nSoft lockup occurs when reading file \u0027trace_pipe\u0027:\n\n watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]\n [...]\n RIP: 0010:ring_buffer_empty_cpu+0xed/0x170\n RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb\n RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218\n RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f\n R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901\n R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000\n [...]\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n __find_next_entry+0x1a8/0x4b0\n ? peek_next_entry+0x250/0x250\n ? down_write+0xa5/0x120\n ? down_write_killable+0x130/0x130\n trace_find_next_entry_inc+0x3b/0x1d0\n tracing_read_pipe+0x423/0xae0\n ? tracing_splice_read_pipe+0xcb0/0xcb0\n vfs_read+0x16b/0x490\n ksys_read+0x105/0x210\n ? __ia32_sys_pwrite64+0x200/0x200\n ? switch_fpu_return+0x108/0x220\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThrough the vmcore, I found it\u0027s because in tracing_read_pipe(),\nring_buffer_empty_cpu() found some buffer is not empty but then it\ncannot read anything due to \"rb_num_of_entries() == 0\" always true,\nThen it infinitely loop the procedure due to user buffer not been\nfilled, see following code path:\n\n tracing_read_pipe() {\n ... ...\n waitagain:\n tracing_wait_pipe() // 1. find non-empty buffer here\n trace_find_next_entry_inc() // 2. loop here try to find an entry\n __find_next_entry()\n ring_buffer_empty_cpu(); // 3. find non-empty buffer\n peek_next_entry() // 4. but peek always return NULL\n ring_buffer_peek()\n rb_buffer_peek()\n rb_get_reader_page()\n // 5. because rb_num_of_entries() == 0 always true here\n // then return NULL\n // 6. user buffer not been filled so goto \u0027waitgain\u0027\n // and eventually leads to an deadloop in kernel!!!\n }\n\nBy some analyzing, I found that when resetting ringbuffer, the \u0027entries\u0027\nof its pages are not all cleared (see rb_reset_cpu()). Then when reducing\nthe ringbuffer, and if some reduced pages exist dirty \u0027entries\u0027 data, they\nwill be added into \u0027cpu_buffer-\u003eoverrun\u0027 (see rb_remove_pages()), which\ncause wrong \u0027overrun\u0027 count and eventually cause the deadloop issue.\n\nTo fix it, we need to clear every pages in rb_reset_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53668",
"url": "https://www.suse.com/security/cve/CVE-2023-53668"
},
{
"category": "external",
"summary": "SUSE Bug 1251286 for CVE-2023-53668",
"url": "https://bugzilla.suse.com/1251286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53668"
},
{
"cve": "CVE-2023-53670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix dev_pm_qos memleak\n\nCall dev_pm_qos_hide_latency_tolerance() in the error unwind patch to\navoid following kmemleak:-\n\nblktests (master) # kmemleak-clear; ./check nvme/044;\nblktests (master) # kmemleak-scan ; kmemleak-show\nnvme/044 (Test bi-directional authentication) [passed]\n runtime 2.111s ... 2.124s\nunreferenced object 0xffff888110c46240 (size 96):\n comm \"nvme\", pid 33461, jiffies 4345365353 (age 75.586s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000069ac2cec\u003e] kmalloc_trace+0x25/0x90\n [\u003c000000006acc66d5\u003e] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100\n [\u003c00000000cc376ea7\u003e] nvme_init_ctrl+0x38e/0x410 [nvme_core]\n [\u003c000000007df61b4b\u003e] 0xffffffffc05e88b3\n [\u003c00000000d152b985\u003e] 0xffffffffc05744cb\n [\u003c00000000f04a4041\u003e] vfs_write+0xc5/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53670",
"url": "https://www.suse.com/security/cve/CVE-2023-53670"
},
{
"category": "external",
"summary": "SUSE Bug 1251762 for CVE-2023-53670",
"url": "https://bugzilla.suse.com/1251762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53670"
},
{
"cve": "CVE-2023-53672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: output extra debug info if we failed to find an inline backref\n\n[BUG]\nSyzbot reported several warning triggered inside\nlookup_inline_extent_backref().\n\n[CAUSE]\nAs usual, the reproducer doesn\u0027t reliably trigger locally here, but at\nleast we know the WARN_ON() is triggered when an inline backref can not\nbe found, and it can only be triggered when @insert is true. (I.e.\ninserting a new inline backref, which means the backref should already\nexist)\n\n[ENHANCEMENT]\nAfter the WARN_ON(), dump all the parameters and the extent tree\nleaf to help debug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53672",
"url": "https://www.suse.com/security/cve/CVE-2023-53672"
},
{
"category": "external",
"summary": "SUSE Bug 1251780 for CVE-2023-53672",
"url": "https://bugzilla.suse.com/1251780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53672"
},
{
"cve": "CVE-2023-53673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53673",
"url": "https://www.suse.com/security/cve/CVE-2023-53673"
},
{
"category": "external",
"summary": "SUSE Bug 1251763 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "external",
"summary": "SUSE Bug 1251983 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2023-53673"
},
{
"cve": "CVE-2023-53674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix memory leak in devm_clk_notifier_register()\n\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn\u0027t register that to the device, so the notifier didn\u0027t\nget unregistered on device detach and the allocated resource was leaked.\n\nFix the issue by registering the resource through devres_add().\n\nThis issue was found with kmemleak on a Chromebook.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53674",
"url": "https://www.suse.com/security/cve/CVE-2023-53674"
},
{
"category": "external",
"summary": "SUSE Bug 1251764 for CVE-2023-53674",
"url": "https://bugzilla.suse.com/1251764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53674"
},
{
"cve": "CVE-2023-53681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split-\u003ebch_btree_node_alloc-\u003e__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53681",
"url": "https://www.suse.com/security/cve/CVE-2023-53681"
},
{
"category": "external",
"summary": "SUSE Bug 1251769 for CVE-2023-53681",
"url": "https://bugzilla.suse.com/1251769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53681"
},
{
"cve": "CVE-2023-53686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: fix null-ptr-deref in handshake_nl_done_doit()\n\nWe should not call trace_handshake_cmd_done_err() if socket lookup has failed.\n\nAlso we should call trace_handshake_cmd_done_err() before releasing the file,\notherwise dereferencing sock-\u003esk can return garbage.\n\nThis also reverts 7afc6d0a107f (\"net/handshake: Fix uninitialized local variable\")\n\nUnable to handle kernel paging request at virtual address dfff800000000003\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:\nESR = 0x0000000096000005\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nData abort info:\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000003] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\nlr : handshake_nl_done_doit+0x180/0x9c8\nsp : ffff800096e37180\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000\nCall trace:\nhandshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1078\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914\nsock_sendmsg_nosec net/socket.c:725 [inline]\nsock_sendmsg net/socket.c:748 [inline]\n____sys_sendmsg+0x56c/0x840 net/socket.c:2494\n___sys_sendmsg net/socket.c:2548 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2577\n__do_sys_sendmsg net/socket.c:2586 [inline]\n__se_sys_sendmsg net/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584\n__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\nel0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53686",
"url": "https://www.suse.com/security/cve/CVE-2023-53686"
},
{
"category": "external",
"summary": "SUSE Bug 1251771 for CVE-2023-53686",
"url": "https://bugzilla.suse.com/1251771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53686"
},
{
"cve": "CVE-2023-53687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53687",
"url": "https://www.suse.com/security/cve/CVE-2023-53687"
},
{
"category": "external",
"summary": "SUSE Bug 1251772 for CVE-2023-53687",
"url": "https://bugzilla.suse.com/1251772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53687"
},
{
"cve": "CVE-2023-53693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn\u0027t find an available UDC or it\u0027s busy\n[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53693",
"url": "https://www.suse.com/security/cve/CVE-2023-53693"
},
{
"category": "external",
"summary": "SUSE Bug 1252489 for CVE-2023-53693",
"url": "https://bugzilla.suse.com/1252489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53693"
},
{
"cve": "CVE-2023-53697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()\n\nMemory pointed by \u0027nd_pmu-\u003epmu.attr_groups\u0027 is allocated in function\n\u0027register_nvdimm_pmu\u0027 and is lost after \u0027kfree(nd_pmu)\u0027 call in function\n\u0027unregister_nvdimm_pmu\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53697",
"url": "https://www.suse.com/security/cve/CVE-2023-53697"
},
{
"category": "external",
"summary": "SUSE Bug 1252534 for CVE-2023-53697",
"url": "https://bugzilla.suse.com/1252534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53697"
},
{
"cve": "CVE-2023-53698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix refcount underflow in error path\n\nFix a refcount underflow problem reported by syzbot that can happen\nwhen a system is running out of memory. If xp_alloc_tx_descs() fails,\nand it can only fail due to not having enough memory, then the error\npath is triggered. In this error path, the refcount of the pool is\ndecremented as it has incremented before. However, the reference to\nthe pool in the socket was not nulled. This means that when the socket\nis closed later, the socket teardown logic will think that there is a\npool attached to the socket and try to decrease the refcount again,\nleading to a refcount underflow.\n\nI chose this fix as it involved adding just a single line. Another\noption would have been to move xp_get_pool() and the assignment of\nxs-\u003epool to after the if-statement and using xs_umem-\u003epool instead of\nxs-\u003epool in the whole if-statement resulting in somewhat simpler code,\nbut this would have led to much more churn in the code base perhaps\nmaking it harder to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53698",
"url": "https://www.suse.com/security/cve/CVE-2023-53698"
},
{
"category": "external",
"summary": "SUSE Bug 1252479 for CVE-2023-53698",
"url": "https://bugzilla.suse.com/1252479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53698"
},
{
"cve": "CVE-2023-53699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[ 0.000000] Oops [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] epc : __memcpy+0x60/0xf8\n[ 0.000000] ra : memblock_double_array+0x192/0x248\n[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000\n[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[ 0.000000] [\u003cfff\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53699",
"url": "https://www.suse.com/security/cve/CVE-2023-53699"
},
{
"category": "external",
"summary": "SUSE Bug 1252550 for CVE-2023-53699",
"url": "https://bugzilla.suse.com/1252550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53699"
},
{
"cve": "CVE-2023-53703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix for shift-out-of-bounds\n\nShift operation of \u0027exp\u0027 and \u0027shift\u0027 variables exceeds the maximum number\nof shift values in the u32 range leading to UBSAN shift-out-of-bounds.\n\n...\n[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50\n[ 6.120598] shift exponent 104 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10\n[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023\n[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]\n[ 6.120687] Call Trace:\n[ 6.120690] \u003cTASK\u003e\n[ 6.120694] dump_stack_lvl+0x48/0x70\n[ 6.120704] dump_stack+0x10/0x20\n[ 6.120707] ubsan_epilogue+0x9/0x40\n[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170\n[ 6.120720] ? psi_group_change+0x25f/0x4b0\n[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]\n[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]\n[ 6.120748] ? __schedule+0xba7/0x1b60\n[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]\n[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]\n[ 6.120772] process_one_work+0x229/0x430\n[ 6.120780] worker_thread+0x4a/0x3c0\n[ 6.120784] ? __pfx_worker_thread+0x10/0x10\n[ 6.120788] kthread+0xf7/0x130\n[ 6.120792] ? __pfx_kthread+0x10/0x10\n[ 6.120795] ret_from_fork+0x29/0x50\n[ 6.120804] \u003c/TASK\u003e\n...\n\nFix this by adding the condition to validate shift ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53703",
"url": "https://www.suse.com/security/cve/CVE-2023-53703"
},
{
"category": "external",
"summary": "SUSE Bug 1252553 for CVE-2023-53703",
"url": "https://bugzilla.suse.com/1252553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53703"
},
{
"cve": "CVE-2023-53704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()\n\nReplace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()\nwhich can automatically release the related memory when the device\nor driver is removed or unloaded to avoid potential memory leak.\n\nIn this case, iounmap(anatop_base) in line 427,433 are removed\nas manual release is not required.\n\nBesides, referring to clk-imx8mq.c, check the return code of\nof_clk_add_hw_provider, if it returns negtive, print error info\nand unregister hws, which makes the program more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53704",
"url": "https://www.suse.com/security/cve/CVE-2023-53704"
},
{
"category": "external",
"summary": "SUSE Bug 1252490 for CVE-2023-53704",
"url": "https://bugzilla.suse.com/1252490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53704"
},
{
"cve": "CVE-2023-53707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53707",
"url": "https://www.suse.com/security/cve/CVE-2023-53707"
},
{
"category": "external",
"summary": "SUSE Bug 1252632 for CVE-2023-53707",
"url": "https://bugzilla.suse.com/1252632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects\n\nIf a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`\nobjects while evaluating the AMD LPS0 _DSM, there will be a memory\nleak. Explicitly guard against this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53708",
"url": "https://www.suse.com/security/cve/CVE-2023-53708"
},
{
"category": "external",
"summary": "SUSE Bug 1252537 for CVE-2023-53708",
"url": "https://bugzilla.suse.com/1252537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53708"
},
{
"cve": "CVE-2023-53711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential data corruption\n\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53711",
"url": "https://www.suse.com/security/cve/CVE-2023-53711"
},
{
"category": "external",
"summary": "SUSE Bug 1252536 for CVE-2023-53711",
"url": "https://bugzilla.suse.com/1252536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53711"
},
{
"cve": "CVE-2023-53713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: sme: Use STR P to clear FFR context field in streaming SVE mode\n\nThe FFR is a predicate register which can vary between 16 and 256 bits\nin size depending upon the configured vector length. When saving the\nSVE state in streaming SVE mode, the FFR register is inaccessible and\nso commit 9f5848665788 (\"arm64/sve: Make access to FFR optional\") simply\nclears the FFR field of the in-memory context structure. Unfortunately,\nit achieves this using an unconditional 8-byte store and so if the SME\nvector length is anything other than 64 bytes in size we will either\nfail to clear the entire field or, worse, we will corrupt memory\nimmediately following the structure. This has led to intermittent kfence\nsplats in CI [1] and can trigger kmalloc Redzone corruption messages\nwhen running the \u0027fp-stress\u0027 kselftest:\n\n | =============================================================================\n | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten\n | -----------------------------------------------------------------------------\n |\n | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc\n | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531\n | __kmalloc+0x8c/0xcc\n | do_sme_acc+0x9c/0x220\n | ...\n\nReplace the 8-byte store with a store of a predicate register which has\nbeen zero-initialised with PFALSE, ensuring that the entire field is\ncleared in memory.\n\n[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53713",
"url": "https://www.suse.com/security/cve/CVE-2023-53713"
},
{
"category": "external",
"summary": "SUSE Bug 1252559 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "external",
"summary": "SUSE Bug 1253760 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1253760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2023-53713"
},
{
"cve": "CVE-2023-53718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53718",
"url": "https://www.suse.com/security/cve/CVE-2023-53718"
},
{
"category": "external",
"summary": "SUSE Bug 1252564 for CVE-2023-53718",
"url": "https://bugzilla.suse.com/1252564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53721",
"url": "https://www.suse.com/security/cve/CVE-2023-53721"
},
{
"category": "external",
"summary": "SUSE Bug 1252561 for CVE-2023-53721",
"url": "https://bugzilla.suse.com/1252561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53721"
},
{
"cve": "CVE-2023-53722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53722",
"url": "https://www.suse.com/security/cve/CVE-2023-53722"
},
{
"category": "external",
"summary": "SUSE Bug 1252499 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "external",
"summary": "SUSE Bug 1252500 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe\n\nSmatch reports:\ndrivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()\nwarn: \u0027timer_baseaddr\u0027 from of_iomap() not released on lines: 498,508,516.\n\ntimer_baseaddr may have the problem of not being released after use,\nI replaced it with the devm_of_iomap() function and added the clk_put()\nfunction to cleanup the \"clk_ce\" and \"clk_cs\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53725",
"url": "https://www.suse.com/security/cve/CVE-2023-53725"
},
{
"category": "external",
"summary": "SUSE Bug 1252492 for CVE-2023-53725",
"url": "https://bugzilla.suse.com/1252492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53725"
},
{
"cve": "CVE-2023-53726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: csum: Fix OoB access in IP checksum code for negative lengths\n\nAlthough commit c2c24edb1d9c (\"arm64: csum: Fix pathological zero-length\ncalls\") added an early return for zero-length input, syzkaller has\npopped up with an example of a _negative_ length which causes an\nundefined shift and an out-of-bounds read:\n\n | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975\n |\n | CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\n | Call trace:\n | dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233\n | show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240\n | __dump_stack lib/dump_stack.c:88 [inline]\n | dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n | print_address_description mm/kasan/report.c:351 [inline]\n | print_report+0x174/0x514 mm/kasan/report.c:462\n | kasan_report+0xd4/0x130 mm/kasan/report.c:572\n | kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187\n | __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31\n | do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | csum_partial+0x30/0x58 lib/checksum.c:128\n | gso_make_checksum include/linux/skbuff.h:4928 [inline]\n | __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332\n | udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47\n | ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119\n | skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141\n | __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401\n | skb_gso_segment include/linux/netdevice.h:4859 [inline]\n | validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659\n | validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709\n | sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327\n | __dev_xmit_skb net/core/dev.c:3805 [inline]\n | __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210\n | dev_queue_xmit include/linux/netdevice.h:3085 [inline]\n | packet_xmit+0x6c/0x318 net/packet/af_packet.c:276\n | packet_snd net/packet/af_packet.c:3081 [inline]\n | packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113\n | sock_sendmsg_nosec net/socket.c:724 [inline]\n | sock_sendmsg net/socket.c:747 [inline]\n | __sys_sendto+0x3b4/0x538 net/socket.c:2144\n\nExtend the early return to reject negative lengths as well, aligning our\nimplementation with the generic code in lib/checksum.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53726",
"url": "https://www.suse.com/security/cve/CVE-2023-53726"
},
{
"category": "external",
"summary": "SUSE Bug 1252565 for CVE-2023-53726",
"url": "https://bugzilla.suse.com/1252565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53726"
},
{
"cve": "CVE-2023-53727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 \u003ca9\u003e 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53727",
"url": "https://www.suse.com/security/cve/CVE-2023-53727"
},
{
"category": "external",
"summary": "SUSE Bug 1252566 for CVE-2023-53727",
"url": "https://bugzilla.suse.com/1252566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53727"
},
{
"cve": "CVE-2023-53728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Ensure timer ID search-loop limit is valid\n\nposix_timer_add() tries to allocate a posix timer ID by starting from the\ncached ID which was stored by the last successful allocation.\n\nThis is done in a loop searching the ID space for a free slot one by\none. The loop has to terminate when the search wrapped around to the\nstarting point.\n\nBut that\u0027s racy vs. establishing the starting point. That is read out\nlockless, which leads to the following problem:\n\nCPU0\t \t \t \t CPU1\nposix_timer_add()\n start = sig-\u003eposix_timer_id;\n lock(hash_lock);\n ...\t\t\t\t posix_timer_add()\n if (++sig-\u003eposix_timer_id \u003c 0)\n \t\t\t start = sig-\u003eposix_timer_id;\n sig-\u003eposix_timer_id = 0;\n\nSo CPU1 can observe a negative start value, i.e. -1, and the loop break\nnever happens because the condition can never be true:\n\n if (sig-\u003eposix_timer_id == start)\n break;\n\nWhile this is unlikely to ever turn into an endless loop as the ID space is\nhuge (INT_MAX), the racy read of the start value caught the attention of\nKCSAN and Dmitry unearthed that incorrectness.\n\nRewrite it so that all id operations are under the hash lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53728",
"url": "https://www.suse.com/security/cve/CVE-2023-53728"
},
{
"category": "external",
"summary": "SUSE Bug 1252668 for CVE-2023-53728",
"url": "https://bugzilla.suse.com/1252668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53728"
},
{
"cve": "CVE-2023-53729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccount for null terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 length, this will cause an out of bounds access\nwhen the NULL character is appended in decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53729",
"url": "https://www.suse.com/security/cve/CVE-2023-53729"
},
{
"category": "external",
"summary": "SUSE Bug 1252496 for CVE-2023-53729",
"url": "https://bugzilla.suse.com/1252496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53729"
},
{
"cve": "CVE-2023-53730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\n\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\n\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n\n ================================\n WARNING: inconsistent lock state\n 5.10.0-02758-g8e5f91fd772f #26 Not tainted\n --------------------------------\n inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n {IN-HARDIRQ-W} state was registered at:\n __lock_acquire+0x3d7/0x1070\n lock_acquire+0x197/0x4a0\n __raw_spin_lock_irqsave\n _raw_spin_lock_irqsave+0x3b/0x60\n bfq_idle_slice_timer_body\n bfq_idle_slice_timer+0x53/0x1d0\n __run_hrtimer+0x477/0xa70\n __hrtimer_run_queues+0x1c6/0x2d0\n hrtimer_interrupt+0x302/0x9e0\n local_apic_timer_interrupt\n __sysvec_apic_timer_interrupt+0xfd/0x420\n run_sysvec_on_irqstack_cond\n sysvec_apic_timer_interrupt+0x46/0xa0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n irq event stamp: 837522\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] __raw_spin_unlock_irqrestore\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] _raw_spin_unlock_irqrestore+0x3d/0x40\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] __raw_spin_lock_irq\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] _raw_spin_lock_irq+0x43/0x50\n softirqs last enabled at (835852): [\u003cffffffff84e00558\u003e] __do_softirq+0x558/0x8ec\n softirqs last disabled at (835845): [\u003cffffffff84c010ff\u003e] asm_call_irq_on_stack+0xf/0x20\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026bfqd-\u003elock);\n \u003cInterrupt\u003e\n lock(\u0026bfqd-\u003elock);\n\n *** DEADLOCK ***\n\n 3 locks held by kworker/2:3/388:\n #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n #1: ffff8881176bfdd8 ((work_completion)(\u0026td-\u003edispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n\n stack backtrace:\n CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Workqueue: kthrotld blk_throtl_dispatch_work_fn\n Call Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167\n print_usage_bug\n valid_state\n mark_lock_irq.cold+0x32/0x3a\n mark_lock+0x693/0xbc0\n mark_held_locks+0x9e/0xe0\n __trace_hardirqs_on_caller\n lockdep_hardirqs_on_prepare.part.0+0x151/0x360\n trace_hardirqs_on+0x5b/0x180\n __raw_spin_unlock_irq\n _raw_spin_unlock_irq+0x24/0x40\n spin_unlock_irq\n adjust_inuse_and_calc_cost+0x4fb/0x970\n ioc_rqos_merge+0x277/0x740\n __rq_qos_merge+0x62/0xb0\n rq_qos_merge\n bio_attempt_back_merge+0x12c/0x4a0\n blk_mq_sched_try_merge+0x1b6/0x4d0\n bfq_bio_merge+0x24a/0x390\n __blk_mq_sched_bio_merge+0xa6/0x460\n blk_mq_sched_bio_merge\n blk_mq_submit_bio+0x2e7/0x1ee0\n __submit_bio_noacct_mq+0x175/0x3b0\n submit_bio_noacct+0x1fb/0x270\n blk_throtl_dispatch_work_fn+0x1ef/0x2b0\n process_one_work+0x83e/0x13f0\n process_scheduled_works\n worker_thread+0x7e3/0xd80\n kthread+0x353/0x470\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53730",
"url": "https://www.suse.com/security/cve/CVE-2023-53730"
},
{
"category": "external",
"summary": "SUSE Bug 1252495 for CVE-2023-53730",
"url": "https://bugzilla.suse.com/1252495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53730"
},
{
"cve": "CVE-2023-53731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nl_table_lock);\n local_irq_disable();\n lock(\u0026local-\u003equeue_stop_reason_lock);\n lock(nl_table_lock);\n \u003cInterrupt\u003e\n lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53731",
"url": "https://www.suse.com/security/cve/CVE-2023-53731"
},
{
"category": "external",
"summary": "SUSE Bug 1252481 for CVE-2023-53731",
"url": "https://bugzilla.suse.com/1252481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2023-53731"
},
{
"cve": "CVE-2023-53733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53733",
"url": "https://www.suse.com/security/cve/CVE-2023-53733"
},
{
"category": "external",
"summary": "SUSE Bug 1252685 for CVE-2023-53733",
"url": "https://bugzilla.suse.com/1252685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2023-53733"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\"). Followed by AI Viro\u0027s suggestion, fix it in same\nmanner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38653",
"url": "https://www.suse.com/security/cve/CVE-2025-38653"
},
{
"category": "external",
"summary": "SUSE Bug 1248630 for CVE-2025-38653",
"url": "https://bugzilla.suse.com/1248630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38699",
"url": "https://www.suse.com/security/cve/CVE-2025-38699"
},
{
"category": "external",
"summary": "SUSE Bug 1249224 for CVE-2025-38699",
"url": "https://bugzilla.suse.com/1249224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38699"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: tegra: Use I/O memcpy to write to IRAM\n\nKasan crashes the kernel trying to check boundaries when using the\nnormal memcpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39794",
"url": "https://www.suse.com/security/cve/CVE-2025-39794"
},
{
"category": "external",
"summary": "SUSE Bug 1249595 for CVE-2025-39794",
"url": "https://bugzilla.suse.com/1249595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39794"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n\nsyzbot reported the splat below. [0]\n\nWhen atmtcp_v_open() or atmtcp_v_close() is called via connect()\nor close(), atmtcp_send_control() is called to send an in-kernel\nspecial message.\n\nThe message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length.\nAlso, a pointer of struct atm_vcc is set to atmtcp_control.vcc.\n\nThe notable thing is struct atmtcp_control is uAPI but has a\nspace for an in-kernel pointer.\n\n struct atmtcp_control {\n \tstruct atmtcp_hdr hdr;\t/* must be first */\n ...\n \tatm_kptr_t vcc;\t\t/* both directions */\n ...\n } __ATM_API_ALIGN;\n\n typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;\n\nThe special message is processed in atmtcp_recv_control() called\nfrom atmtcp_c_send().\n\natmtcp_c_send() is vcc-\u003edev-\u003eops-\u003esend() and called from 2 paths:\n\n 1. .ndo_start_xmit() (vcc-\u003esend() == atm_send_aal0())\n 2. vcc_sendmsg()\n\nThe problem is sendmsg() does not validate the message length and\nuserspace can abuse atmtcp_recv_control() to overwrite any kptr\nby atmtcp_control.\n\nLet\u0027s add a new -\u003epre_send() hook to validate messages from sendmsg().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc00200000ab: 0000 [#1] SMP KASAN PTI\nKASAN: probably user-memory-access in range [0x0000000100000558-0x000000010000055f]\nCPU: 0 UID: 0 PID: 5865 Comm: syz-executor331 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:atmtcp_recv_control drivers/atm/atmtcp.c:93 [inline]\nRIP: 0010:atmtcp_c_send+0x1da/0x950 drivers/atm/atmtcp.c:297\nCode: 4d 8d 75 1a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 15 06 00 00 41 0f b7 1e 4d 8d b7 60 05 00 00 4c 89 f0 48 c1 e8 03 \u003c42\u003e 0f b6 04 20 84 c0 0f 85 13 06 00 00 66 41 89 1e 4d 8d 75 1c 4c\nRSP: 0018:ffffc90003f5f810 EFLAGS: 00010203\nRAX: 00000000200000ab RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802a510000 RSI: 00000000ffffffff RDI: ffff888030a6068c\nRBP: ffff88802699fb40 R08: ffff888030a606eb R09: 1ffff1100614c0dd\nR10: dffffc0000000000 R11: ffffffff8718fc40 R12: dffffc0000000000\nR13: ffff888030a60680 R14: 000000010000055f R15: 00000000ffffffff\nFS: 00007f8d7e9236c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000045ad50 CR3: 0000000075bde000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc60 net/atm/common.c:645\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n ____sys_sendmsg+0x505/0x830 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f8d7e96a4a9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f8d7e923198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f8d7e9f4308 RCX: 00007f8d7e96a4a9\nRDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005\nRBP: 00007f8d7e9f4300 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f8d7e9c10ac\nR13: 00007f8d7e9231a0 R14: 0000200000000200 R15: 0000200000000250\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39828",
"url": "https://www.suse.com/security/cve/CVE-2025-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1250205 for CVE-2025-39828",
"url": "https://bugzilla.suse.com/1250205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39828"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: Fix UAF in polling when open file is released\n\nA use-after-free (UAF) vulnerability was identified in the PSI (Pressure\nStall Information) monitoring mechanism:\n\nBUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140\nRead of size 8 at addr ffff3de3d50bd308 by task systemd/1\n\npsi_trigger_poll+0x3c/0x140\ncgroup_pressure_poll+0x70/0xa0\ncgroup_file_poll+0x8c/0x100\nkernfs_fop_poll+0x11c/0x1c0\nep_item_poll.isra.0+0x188/0x2c0\n\nAllocated by task 1:\ncgroup_file_open+0x88/0x388\nkernfs_fop_open+0x73c/0xaf0\ndo_dentry_open+0x5fc/0x1200\nvfs_open+0xa0/0x3f0\ndo_open+0x7e8/0xd08\npath_openat+0x2fc/0x6b0\ndo_filp_open+0x174/0x368\n\nFreed by task 8462:\ncgroup_file_release+0x130/0x1f8\nkernfs_drain_open_files+0x17c/0x440\nkernfs_drain+0x2dc/0x360\nkernfs_show+0x1b8/0x288\ncgroup_file_show+0x150/0x268\ncgroup_pressure_write+0x1dc/0x340\ncgroup_file_write+0x274/0x548\n\nReproduction Steps:\n1. Open test/cpu.pressure and establish epoll monitoring\n2. Disable monitoring: echo 0 \u003e test/cgroup.pressure\n3. Re-enable monitoring: echo 1 \u003e test/cgroup.pressure\n\nThe race condition occurs because:\n1. When cgroup.pressure is disabled (echo 0 \u003e cgroup.pressure), it:\n - Releases PSI triggers via cgroup_file_release()\n - Frees of-\u003epriv through kernfs_drain_open_files()\n2. While epoll still holds reference to the file and continues polling\n3. Re-enabling (echo 1 \u003e cgroup.pressure) accesses freed of-\u003epriv\n\nepolling\t\t\tdisable/enable cgroup.pressure\nfd=open(cpu.pressure)\nwhile(1)\n...\nepoll_wait\nkernfs_fop_poll\nkernfs_get_active = true\techo 0 \u003e cgroup.pressure\n...\t\t\t\tcgroup_file_show\n\t\t\t\tkernfs_show\n\t\t\t\t// inactive kn\n\t\t\t\tkernfs_drain_open_files\n\t\t\t\tcft-\u003erelease(of);\n\t\t\t\tkfree(ctx);\n\t\t\t\t...\nkernfs_get_active = false\n\t\t\t\techo 1 \u003e cgroup.pressure\n\t\t\t\tkernfs_show\n\t\t\t\tkernfs_activate_one(kn);\nkernfs_fop_poll\nkernfs_get_active = true\ncgroup_file_poll\npsi_trigger_poll\n// UAF\n...\nend: close(fd)\n\nTo address this issue, introduce kernfs_get_active_of() for kernfs open\nfiles to obtain active references. This function will fail if the open file\nhas been released. Replace kernfs_get_active() with kernfs_get_active_of()\nto prevent further operations on released file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39881",
"url": "https://www.suse.com/security/cve/CVE-2025-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1250379 for CVE-2025-39881",
"url": "https://bugzilla.suse.com/1250379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39881"
},
{
"cve": "CVE-2025-39895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix sched_numa_find_nth_cpu() if mask offline\n\nsched_numa_find_nth_cpu() uses a bsearch to look for the \u0027closest\u0027\nCPU in sched_domains_numa_masks and given cpus mask. However they\nmight not intersect if all CPUs in the cpus mask are offline. bsearch\nwill return NULL in that case, bail out instead of dereferencing a\nbogus pointer.\n\nThe previous behaviour lead to this bug when using maxcpus=4 on an\nrk3399 (LLLLbb) (i.e. booting with all big CPUs offline):\n\n[ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000\n[ 1.423635] Mem abort info:\n[ 1.423889] ESR = 0x0000000096000006\n[ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.424715] SET = 0, FnV = 0\n[ 1.424995] EA = 0, S1PTW = 0\n[ 1.425279] FSC = 0x06: level 2 translation fault\n[ 1.425735] Data abort info:\n[ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000\n[ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000\n[ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP\n[ 1.429525] Modules linked in:\n[ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT\n[ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT)\n[ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488\n[ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488\n[ 1.432543] sp : ffffffc084e1b960\n[ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0\n[ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378\n[ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff\n[ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7\n[ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372\n[ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860\n[ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000\n[ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68\n[ 1.439332] Call trace:\n[ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P)\n[ 1.440016] smp_call_function_any+0xc8/0xd0\n[ 1.440416] armv8_pmu_init+0x58/0x27c\n[ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c\n[ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8\n[ 1.441603] armv8_pmu_device_probe+0x1c/0x28\n[ 1.442007] platform_probe+0x5c/0xac\n[ 1.442347] really_probe+0xbc/0x298\n[ 1.442683] __driver_probe_device+0x78/0x12c\n[ 1.443087] driver_probe_device+0xdc/0x160\n[ 1.443475] __driver_attach+0x94/0x19c\n[ 1.443833] bus_for_each_dev+0x74/0xd4\n[ 1.444190] driver_attach+0x24/0x30\n[ 1.444525] bus_add_driver+0xe4/0x208\n[ 1.444874] driver_register+0x60/0x128\n[ 1.445233] __platform_driver_register+0x24/0x30\n[ 1.445662] armv8_pmu_driver_init+0x28/0x4c\n[ 1.446059] do_one_initcall+0x44/0x25c\n[ 1.446416] kernel_init_freeable+0x1dc/0x3bc\n[ 1.446820] kernel_init+0x20/0x1d8\n[ 1.447151] ret_from_fork+0x10/0x20\n[ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803)\n[ 1.448040] ---[ end trace 0000000000000000 ]---\n[ 1.448483] note: swapper/0[1] exited with preempt_count 1\n[ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 1.449741] SMP: stopping secondary CPUs\n[ 1.450105] Kernel Offset: disabled\n[ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39895",
"url": "https://www.suse.com/security/cve/CVE-2025-39895"
},
{
"category": "external",
"summary": "SUSE Bug 1250721 for CVE-2025-39895",
"url": "https://bugzilla.suse.com/1250721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39895"
},
{
"cve": "CVE-2025-39898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39898"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39898",
"url": "https://www.suse.com/security/cve/CVE-2025-39898"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250742 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "external",
"summary": "SUSE Bug 1250744 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250744"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-39898"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39947",
"url": "https://www.suse.com/security/cve/CVE-2025-39947"
},
{
"category": "external",
"summary": "SUSE Bug 1251232 for CVE-2025-39947",
"url": "https://bugzilla.suse.com/1251232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39947"
},
{
"cve": "CVE-2025-39948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don\u0027t get added\nas fragments in ice_add_xdp_frag. Since the buffer isn\u0027t counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don\u0027t\ncall ice_put_rx_buf().\n\nBecause we don\u0027t call ice_put_rx_buf(), we don\u0027t attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don\u0027t\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn\u0027t check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39948",
"url": "https://www.suse.com/security/cve/CVE-2025-39948"
},
{
"category": "external",
"summary": "SUSE Bug 1251233 for CVE-2025-39948",
"url": "https://bugzilla.suse.com/1251233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39948"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-39965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn\u0027t remove those states from the byspi list,\nsince they shouldn\u0027t be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39965",
"url": "https://www.suse.com/security/cve/CVE-2025-39965"
},
{
"category": "external",
"summary": "SUSE Bug 1251967 for CVE-2025-39965",
"url": "https://bugzilla.suse.com/1251967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39965"
},
{
"cve": "CVE-2025-39967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39967",
"url": "https://www.suse.com/security/cve/CVE-2025-39967"
},
{
"category": "external",
"summary": "SUSE Bug 1252033 for CVE-2025-39967",
"url": "https://bugzilla.suse.com/1252033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39967"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39969",
"url": "https://www.suse.com/security/cve/CVE-2025-39969"
},
{
"category": "external",
"summary": "SUSE Bug 1252044 for CVE-2025-39969",
"url": "https://bugzilla.suse.com/1252044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39969"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don\u0027t think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39978",
"url": "https://www.suse.com/security/cve/CVE-2025-39978"
},
{
"category": "external",
"summary": "SUSE Bug 1252069 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "external",
"summary": "SUSE Bug 1252071 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-39978"
},
{
"cve": "CVE-2025-39981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn\u0027t been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39981",
"url": "https://www.suse.com/security/cve/CVE-2025-39981"
},
{
"category": "external",
"summary": "SUSE Bug 1252060 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "external",
"summary": "SUSE Bug 1252061 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-39981"
},
{
"cve": "CVE-2025-39982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39982",
"url": "https://www.suse.com/security/cve/CVE-2025-39982"
},
{
"category": "external",
"summary": "SUSE Bug 1252083 for CVE-2025-39982",
"url": "https://bugzilla.suse.com/1252083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39982"
},
{
"cve": "CVE-2025-39985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39985",
"url": "https://www.suse.com/security/cve/CVE-2025-39985"
},
{
"category": "external",
"summary": "SUSE Bug 1252082 for CVE-2025-39985",
"url": "https://bugzilla.suse.com/1252082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39985"
},
{
"cve": "CVE-2025-39986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39986",
"url": "https://www.suse.com/security/cve/CVE-2025-39986"
},
{
"category": "external",
"summary": "SUSE Bug 1252078 for CVE-2025-39986",
"url": "https://bugzilla.suse.com/1252078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39986"
},
{
"cve": "CVE-2025-39987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39987",
"url": "https://www.suse.com/security/cve/CVE-2025-39987"
},
{
"category": "external",
"summary": "SUSE Bug 1252079 for CVE-2025-39987",
"url": "https://bugzilla.suse.com/1252079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39987"
},
{
"cve": "CVE-2025-39988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39988",
"url": "https://www.suse.com/security/cve/CVE-2025-39988"
},
{
"category": "external",
"summary": "SUSE Bug 1252074 for CVE-2025-39988",
"url": "https://bugzilla.suse.com/1252074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39988"
},
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40005",
"url": "https://www.suse.com/security/cve/CVE-2025-40005"
},
{
"category": "external",
"summary": "SUSE Bug 1252349 for CVE-2025-40005",
"url": "https://bugzilla.suse.com/1252349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40005"
},
{
"cve": "CVE-2025-40010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix potential null pointer dereference in afs_put_server\n\nafs_put_server() accessed server-\u003edebug_id before the NULL check, which\ncould lead to a null pointer dereference. Move the debug_id assignment,\nensuring we never dereference a NULL server pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40010",
"url": "https://www.suse.com/security/cve/CVE-2025-40010"
},
{
"category": "external",
"summary": "SUSE Bug 1252332 for CVE-2025-40010",
"url": "https://bugzilla.suse.com/1252332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40010"
},
{
"cve": "CVE-2025-40011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40011",
"url": "https://www.suse.com/security/cve/CVE-2025-40011"
},
{
"category": "external",
"summary": "SUSE Bug 1252336 for CVE-2025-40011",
"url": "https://bugzilla.suse.com/1252336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40011"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40020",
"url": "https://www.suse.com/security/cve/CVE-2025-40020"
},
{
"category": "external",
"summary": "SUSE Bug 1252679 for CVE-2025-40020",
"url": "https://bugzilla.suse.com/1252679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40020"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: restrict sockets to TCP and UDP\n\nRecently, syzbot started to abuse NBD with all kinds of sockets.\n\nCommit cf1b2326b734 (\"nbd: verify socket is supported during setup\")\nmade sure the socket supported a shutdown() method.\n\nExplicitely accept TCP and UNIX stream sockets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40080",
"url": "https://www.suse.com/security/cve/CVE-2025-40080"
},
{
"category": "external",
"summary": "SUSE Bug 1252774 for CVE-2025-40080",
"url": "https://bugzilla.suse.com/1252774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40080"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-devel-rt-6.4.0-38.1.noarch",
"SUSE Linux Micro 6.0:kernel-rt-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-rt-livepatch-6.4.0-38.1.x86_64",
"SUSE Linux Micro 6.0:kernel-source-rt-6.4.0-38.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-25T18:51:32Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
}
]
}
SUSE-SU-2025:21056-1
Vulnerability from csaf_suse - Published: 2025-11-13 14:22 - Updated: 2025-11-13 14:22Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non-security bugs were fixed:
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes).
- ACPI: battery: allocate driver data through devm_ APIs (stable-fixes).
- ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes).
- ACPI: button: Call input_free_device() on failing input device registration (git-fixes).
- ACPI: property: Add code comments explaining what is going on (stable-fixes).
- ACPI: property: Disregard references in data-only subnode lists (stable-fixes).
- ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes).
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes).
- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes).
- ACPICA: Allow to skip Global Lock initialization (stable-fixes).
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes).
- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes).
- ALSA: usb-audio: fix control pipe direction (git-fixes).
- ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes).
- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).
- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes).
- ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes).
- ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes).
- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).
- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes).
- HID: hid-input: only ignore 0 battery events for digitizers (git-fixes).
- HID: multitouch: fix name of Stylus input devices (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).
- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes).
- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).
- KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes).
- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes).
- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes).
- KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes).
- KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes).
- KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes).
- KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes).
- KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes).
- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).
- KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process "guest stopped request" once per guest time update (git-fixes).
- KVM: x86: Replace static_call_cond() with static_call() (git-fixes).
- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes).
- KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes).
- KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes).
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes).
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).
- NFSD: Fix crash in nfsd4_read_release() (git-fixes).
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: Minor cleanup in layoutcommit processing (git-fixes).
- NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes).
- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).
- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).
- PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes).
- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes).
- PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists (stable-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings (git-fixes).
- PM: runtime: Add new devm functions (stable-fixes).
- Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()" (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).
- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).
- accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes).
- add bug reference to existing hv_netvsc change (bsc#1252265)
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)
- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)
- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).
- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).
- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).
- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes).
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes).
- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes).
- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes).
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).
- can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).
- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes).
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).
- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).
- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).
- cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes).
- cpuidle: menu: Avoid discarding useful information (stable-fixes).
- cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).
- crypto: rng - Ensure set_ent is always present (git-fixes).
- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).
- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).
- drm/amd: Check whether secure display TA loaded successfully (stable-fixes).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes).
- drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes).
- drm/etnaviv: fix flush sequence logic (git-fixes).
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes).
- drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes).
- drm/i915/guc: Skip communication warning on reset in progress (git-fixes).
- drm/mediatek: Fix device use-after-free on unbind (git-fixes).
- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).
- drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes).
- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).
- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).
- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes).
- drm/rockchip: vop2: use correct destination rectangle height check (git-fixes).
- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes).
- ext4: check fast symlink for ea_inode correctly (git-fixes).
- ext4: do not convert the unwritten extents if data writeback fails (git-fixes).
- ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes).
- ext4: ensure i_size is smaller than maxbytes (git-fixes).
- ext4: factor out ext4_get_maxbytes() (git-fixes).
- ext4: fix calculation of credits for extent tree modification (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- ext4: fix fsmap end of range reporting with bigalloc (git-fixes).
- ext4: fix hole length calculation overflow in non-extent inodes (git-fixes).
- ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes).
- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).
- ext4: fix zombie groups in average fragment size lists (git-fixes).
- ext4: preserve SB_I_VERSION on remount (git-fixes).
- ext4: reorder capability check last (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes).
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes).
- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes).
- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).
- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).
- i2c: ocores: use devm_ managed clks (git-fixes).
- iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes).
- iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes).
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- isofs: Verify inode mode when loading from disk (git-fixes).
- jbd2: do not try to recover wiped journal (git-fixes).
- kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes).
- locking/mutex: Introduce devm_mutex_init() (stable-fixes).
- locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes).
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).
- media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes).
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).
- media: tunner: xc5000: Refactor firmware load (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes).
- misc: fastrpc: Add missing dev_err newlines (stable-fixes).
- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).
- mmc: core: SPI mode remove cmd7 (stable-fixes).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).
- most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes).
- mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).
- net: sysfs: Fix /sys/class/net/<iface> path (git-fixes).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes).
- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes).
- net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes).
- net: usb: rtl8150: Fix frame padding (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes).
- nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes).
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes).
- nvme/tcp: handle tls partially sent records in write_space() (git-fixes).
- overlayfs: set ctime when setting mtime and atime (stable-fixes).
- ovl: Always reevaluate the file signature for IMA (stable-fixes).
- ovl: fix file reference leak when submitting aio (stable-fixes).
- ovl: fix incorrect fdput() on aio completion (stable-fixes).
- perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes).
- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).
- perf/amd: Prevent grouping of IBS events (git-fixes).
- perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes).
- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).
- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).
- perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes).
- perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes).
- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).
- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).
- perf/core: Fix small negative period being ignored (git-fixes).
- perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes).
- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes).
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes).
- perf/x86/amd: Warn only on new bits set (git-fixes).
- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes).
- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes).
- perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Apply static call for drain_pebs (git-fixes).
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- perf/x86/intel: Only check the group flag for X86 leader (git-fixes).
- perf/x86/intel: Use better start period for frequency mode (git-fixes).
- perf/x86: Fix low freqency setting issue (git-fixes).
- perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes).
- perf: Ensure bpf_perf_link path is properly serialized (git-fixes).
- perf: Extract a few helpers (git-fixes).
- perf: Fix cgroup state vs ERROR (git-fixes).
- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- r8152: add error handling in rtl8152_driver_init (git-fixes).
- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes).
- regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes).
- regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes).
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946).
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes).
- rtc: interface: Fix long-standing race when setting alarm (stable-fixes).
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes).
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).
- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes).
- selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes).
- selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes).
- selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes).
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes).
- selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes).
- selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes).
- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).
- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes).
- selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes).
- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).
- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes).
- selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes).
- selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes).
- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes).
- selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes).
- selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes).
- selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes).
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).
- serial: 8250_dw: handle reset control deassert error (git-fixes).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).
- staging: axis-fifo: fix maximum TX packet length check (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).
- tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).
- tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes).
- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).
- tracing: Fix filter string testing (git-fixes).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes).
- udf: Verify partition map count (git-fixes).
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes).
- usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes).
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes).
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes).
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
- usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes).
- usbnet: Prevents free active kevent (git-fixes).
- wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes).
- wifi: ath11k: Add missing platform IDs for quirk table (git-fixes).
- wifi: ath12k: free skb during idr cleanup callback (git-fixes).
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes).
- wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes).
- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes).
- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- xfs: rename the old_crc variable in xlog_recover_process (git-fixes).
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
Patchnames
SUSE-SLE-Micro-6.1-kernel-204
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).\n- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).\n- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).\n- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).\n- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).\n- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).\n- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).\n- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).\n- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).\n- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).\n- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).\n- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).\n- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).\n- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).\n- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).\n\nThe following non-security bugs were fixed:\n\n- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes).\n- ACPI: battery: allocate driver data through devm_ APIs (stable-fixes).\n- ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes).\n- ACPI: button: Call input_free_device() on failing input device registration (git-fixes).\n- ACPI: property: Add code comments explaining what is going on (stable-fixes).\n- ACPI: property: Disregard references in data-only subnode lists (stable-fixes).\n- ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes).\n- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes).\n- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes).\n- ACPICA: Allow to skip Global Lock initialization (stable-fixes).\n- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes).\n- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes).\n- ALSA: usb-audio: fix control pipe direction (git-fixes).\n- ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes).\n- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).\n- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).\n- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).\n- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes).\n- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).\n- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes).\n- ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes).\n- ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes).\n- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).\n- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).\n- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes).\n- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).\n- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes).\n- HID: hid-input: only ignore 0 battery events for digitizers (git-fixes).\n- HID: multitouch: fix name of Stylus input devices (git-fixes).\n- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).\n- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes).\n- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).\n- KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes).\n- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes).\n- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes).\n- KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes).\n- KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes).\n- KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes).\n- KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes).\n- KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes).\n- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).\n- KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes).\n- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).\n- KVM: x86: Process \"guest stopped request\" once per guest time update (git-fixes).\n- KVM: x86: Replace static_call_cond() with static_call() (git-fixes).\n- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes).\n- KVM: x86: Snapshot the host\u0027s DEBUGCTL after disabling IRQs (git-fixes).\n- KVM: x86: Snapshot the host\u0027s DEBUGCTL in common x86 (git-fixes).\n- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes).\n- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).\n- NFSD: Fix crash in nfsd4_read_release() (git-fixes).\n- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).\n- NFSD: Minor cleanup in layoutcommit processing (git-fixes).\n- NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes).\n- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).\n- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).\n- PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes).\n- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes).\n- PCI: j721e: Enable ACSPCIE Refclk if \"ti,syscon-acspcie-proxy-ctrl\" exists (stable-fixes).\n- PCI: j721e: Fix programming sequence of \"strap\" settings (git-fixes).\n- PM: runtime: Add new devm functions (stable-fixes).\n- Revert \"KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()\" (git-fixes).\n- USB: serial: option: add SIMCom 8230C compositions (git-fixes).\n- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).\n- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).\n- accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes).\n- add bug reference to existing hv_netvsc change (bsc#1252265)\n- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)\n- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)\n- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)\n- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)\n- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).\n- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).\n- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).\n- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).\n- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).\n- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).\n- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes).\n- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes).\n- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes).\n- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes).\n- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).\n- can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes).\n- can: rcar_canfd: Fix controller mode setting (stable-fixes).\n- clk: at91: peripheral: fix return value (git-fixes).\n- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).\n- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).\n- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).\n- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes).\n- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).\n- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).\n- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).\n- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).\n- cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes).\n- cpuidle: menu: Avoid discarding useful information (stable-fixes).\n- cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes).\n- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).\n- crypto: rng - Ensure set_ent is always present (git-fixes).\n- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).\n- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes).\n- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).\n- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).\n- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).\n- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).\n- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes).\n- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes).\n- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).\n- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).\n- drm/amd: Check whether secure display TA loaded successfully (stable-fixes).\n- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).\n- drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes).\n- drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes).\n- drm/etnaviv: fix flush sequence logic (git-fixes).\n- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes).\n- drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes).\n- drm/i915/guc: Skip communication warning on reset in progress (git-fixes).\n- drm/mediatek: Fix device use-after-free on unbind (git-fixes).\n- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).\n- drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes).\n- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).\n- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).\n- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).\n- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes).\n- drm/rockchip: vop2: use correct destination rectangle height check (git-fixes).\n- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes).\n- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).\n- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).\n- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).\n- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes).\n- ext4: check fast symlink for ea_inode correctly (git-fixes).\n- ext4: do not convert the unwritten extents if data writeback fails (git-fixes).\n- ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes).\n- ext4: ensure i_size is smaller than maxbytes (git-fixes).\n- ext4: factor out ext4_get_maxbytes() (git-fixes).\n- ext4: fix calculation of credits for extent tree modification (git-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- ext4: fix fsmap end of range reporting with bigalloc (git-fixes).\n- ext4: fix hole length calculation overflow in non-extent inodes (git-fixes).\n- ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes).\n- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).\n- ext4: fix zombie groups in average fragment size lists (git-fixes).\n- ext4: preserve SB_I_VERSION on remount (git-fixes).\n- ext4: reorder capability check last (git-fixes).\n- fbdev: Fix logic error in \"offb\" name match (git-fixes).\n- fbdev: atyfb: Check if pll_ops-\u003einit_pll failed (git-fixes).\n- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes).\n- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes).\n- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).\n- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).\n- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).\n- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).\n- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes).\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).\n- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes).\n- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).\n- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes).\n- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).\n- i2c: ocores: use devm_ managed clks (git-fixes).\n- iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes).\n- iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes).\n- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).\n- iommu/vt-d: PRS isn\u0027t usable if PDS isn\u0027t supported (git-fixes).\n- isofs: Verify inode mode when loading from disk (git-fixes).\n- jbd2: do not try to recover wiped journal (git-fixes).\n- kABI fix for KVM: x86: Snapshot the host\u0027s DEBUGCTL in common x86 (git-fixes).\n- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).\n- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).\n- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes).\n- locking/mutex: Introduce devm_mutex_init() (stable-fixes).\n- locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes).\n- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).\n- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).\n- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).\n- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).\n- media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes).\n- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes).\n- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).\n- media: tunner: xc5000: Refactor firmware load (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes).\n- misc: fastrpc: Add missing dev_err newlines (stable-fixes).\n- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes).\n- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).\n- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).\n- misc: fastrpc: Skip reference for DMA handles (git-fixes).\n- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).\n- mmc: core: SPI mode remove cmd7 (stable-fixes).\n- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).\n- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).\n- most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes).\n- mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).\n- net: sysfs: Fix /sys/class/net/\u0026lt;iface\u003e path (git-fixes).\n- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).\n- net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes).\n- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes).\n- net: usb: lan78xx: fix use of improperly initialized dev-\u003echipid in lan78xx_reset (git-fixes).\n- net: usb: rtl8150: Fix frame padding (git-fixes).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).\n- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes).\n- nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes).\n- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes).\n- nvme/tcp: handle tls partially sent records in write_space() (git-fixes).\n- overlayfs: set ctime when setting mtime and atime (stable-fixes).\n- ovl: Always reevaluate the file signature for IMA (stable-fixes).\n- ovl: fix file reference leak when submitting aio (stable-fixes).\n- ovl: fix incorrect fdput() on aio completion (stable-fixes).\n- perf/amd/ibs: Fix -\u003econfig to sample period calculation for OP PMU (git-fixes).\n- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).\n- perf/amd: Prevent grouping of IBS events (git-fixes).\n- perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes).\n- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).\n- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).\n- perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes).\n- perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes).\n- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).\n- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).\n- perf/core: Fix small negative period being ignored (git-fixes).\n- perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes).\n- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes).\n- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes).\n- perf/x86/amd: Warn only on new bits set (git-fixes).\n- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes).\n- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes).\n- perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes).\n- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).\n- perf/x86/intel: Apply static call for drain_pebs (git-fixes).\n- perf/x86/intel: Avoid disable PMU if !cpuc-\u003eenabled in sample read (git-fixes).\n- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).\n- perf/x86/intel: Only check the group flag for X86 leader (git-fixes).\n- perf/x86/intel: Use better start period for frequency mode (git-fixes).\n- perf/x86: Fix low freqency setting issue (git-fixes).\n- perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes).\n- perf: Ensure bpf_perf_link path is properly serialized (git-fixes).\n- perf: Extract a few helpers (git-fixes).\n- perf: Fix cgroup state vs ERROR (git-fixes).\n- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes).\n- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).\n- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).\n- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).\n- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).\n- powerpc/boot: Fix build with gcc 15 (bsc#1215199).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).\n- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)\n- proc: fix type confusion in pde_set_flags() (bsc#1248630)\n- r8152: add error handling in rtl8152_driver_init (git-fixes).\n- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes).\n- regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes).\n- regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes).\n- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946).\n- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes).\n- rtc: interface: Fix long-standing race when setting alarm (stable-fixes).\n- rtc: optee: fix memory leak on driver removal (git-fixes).\n- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).\n- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes).\n- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).\n- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)\n- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).\n- selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes).\n- selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes).\n- selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes).\n- selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes).\n- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes).\n- selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes).\n- selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes).\n- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).\n- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes).\n- selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes).\n- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).\n- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes).\n- selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes).\n- selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes).\n- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes).\n- selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes).\n- selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes).\n- selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes).\n- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).\n- serial: 8250_dw: handle reset control deassert error (git-fixes).\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).\n- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).\n- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).\n- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).\n- staging: axis-fifo: fix maximum TX packet length check (git-fixes).\n- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).\n- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).\n- tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).\n- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).\n- tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes).\n- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).\n- tracing: Fix filter string testing (git-fixes).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes).\n- udf: Verify partition map count (git-fixes).\n- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes).\n- usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes).\n- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes).\n- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).\n- usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes).\n- usb: xhci: Limit Stop Endpoint retries (git-fixes).\n- usb: xhci: Limit Stop Endpoint retries (git-fixes).\n- usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes).\n- usbnet: Prevents free active kevent (git-fixes).\n- wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes).\n- wifi: ath11k: Add missing platform IDs for quirk table (git-fixes).\n- wifi: ath12k: free skb during idr cleanup callback (git-fixes).\n- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes).\n- wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes).\n- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).\n- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).\n- xfs: rename the old_crc variable in xlog_recover_process (git-fixes).\n- xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes).\n- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-204",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21056-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21056-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521056-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21056-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023419.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1214954",
"url": "https://bugzilla.suse.com/1214954"
},
{
"category": "self",
"summary": "SUSE Bug 1215143",
"url": "https://bugzilla.suse.com/1215143"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1216396",
"url": "https://bugzilla.suse.com/1216396"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1236743",
"url": "https://bugzilla.suse.com/1236743"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248517",
"url": "https://bugzilla.suse.com/1248517"
},
{
"category": "self",
"summary": "SUSE Bug 1248630",
"url": "https://bugzilla.suse.com/1248630"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248886",
"url": "https://bugzilla.suse.com/1248886"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249224",
"url": "https://bugzilla.suse.com/1249224"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249595",
"url": "https://bugzilla.suse.com/1249595"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250205",
"url": "https://bugzilla.suse.com/1250205"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250274",
"url": "https://bugzilla.suse.com/1250274"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250379",
"url": "https://bugzilla.suse.com/1250379"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250721",
"url": "https://bugzilla.suse.com/1250721"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1251024",
"url": "https://bugzilla.suse.com/1251024"
},
{
"category": "self",
"summary": "SUSE Bug 1251027",
"url": "https://bugzilla.suse.com/1251027"
},
{
"category": "self",
"summary": "SUSE Bug 1251028",
"url": "https://bugzilla.suse.com/1251028"
},
{
"category": "self",
"summary": "SUSE Bug 1251031",
"url": "https://bugzilla.suse.com/1251031"
},
{
"category": "self",
"summary": "SUSE Bug 1251035",
"url": "https://bugzilla.suse.com/1251035"
},
{
"category": "self",
"summary": "SUSE Bug 1251038",
"url": "https://bugzilla.suse.com/1251038"
},
{
"category": "self",
"summary": "SUSE Bug 1251043",
"url": "https://bugzilla.suse.com/1251043"
},
{
"category": "self",
"summary": "SUSE Bug 1251045",
"url": "https://bugzilla.suse.com/1251045"
},
{
"category": "self",
"summary": "SUSE Bug 1251052",
"url": "https://bugzilla.suse.com/1251052"
},
{
"category": "self",
"summary": "SUSE Bug 1251053",
"url": "https://bugzilla.suse.com/1251053"
},
{
"category": "self",
"summary": "SUSE Bug 1251054",
"url": "https://bugzilla.suse.com/1251054"
},
{
"category": "self",
"summary": "SUSE Bug 1251056",
"url": "https://bugzilla.suse.com/1251056"
},
{
"category": "self",
"summary": "SUSE Bug 1251057",
"url": "https://bugzilla.suse.com/1251057"
},
{
"category": "self",
"summary": "SUSE Bug 1251059",
"url": "https://bugzilla.suse.com/1251059"
},
{
"category": "self",
"summary": "SUSE Bug 1251060",
"url": "https://bugzilla.suse.com/1251060"
},
{
"category": "self",
"summary": "SUSE Bug 1251065",
"url": "https://bugzilla.suse.com/1251065"
},
{
"category": "self",
"summary": "SUSE Bug 1251066",
"url": "https://bugzilla.suse.com/1251066"
},
{
"category": "self",
"summary": "SUSE Bug 1251067",
"url": "https://bugzilla.suse.com/1251067"
},
{
"category": "self",
"summary": "SUSE Bug 1251068",
"url": "https://bugzilla.suse.com/1251068"
},
{
"category": "self",
"summary": "SUSE Bug 1251071",
"url": "https://bugzilla.suse.com/1251071"
},
{
"category": "self",
"summary": "SUSE Bug 1251076",
"url": "https://bugzilla.suse.com/1251076"
},
{
"category": "self",
"summary": "SUSE Bug 1251079",
"url": "https://bugzilla.suse.com/1251079"
},
{
"category": "self",
"summary": "SUSE Bug 1251081",
"url": "https://bugzilla.suse.com/1251081"
},
{
"category": "self",
"summary": "SUSE Bug 1251083",
"url": "https://bugzilla.suse.com/1251083"
},
{
"category": "self",
"summary": "SUSE Bug 1251084",
"url": "https://bugzilla.suse.com/1251084"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251105",
"url": "https://bugzilla.suse.com/1251105"
},
{
"category": "self",
"summary": "SUSE Bug 1251106",
"url": "https://bugzilla.suse.com/1251106"
},
{
"category": "self",
"summary": "SUSE Bug 1251108",
"url": "https://bugzilla.suse.com/1251108"
},
{
"category": "self",
"summary": "SUSE Bug 1251113",
"url": "https://bugzilla.suse.com/1251113"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251119",
"url": "https://bugzilla.suse.com/1251119"
},
{
"category": "self",
"summary": "SUSE Bug 1251123",
"url": "https://bugzilla.suse.com/1251123"
},
{
"category": "self",
"summary": "SUSE Bug 1251126",
"url": "https://bugzilla.suse.com/1251126"
},
{
"category": "self",
"summary": "SUSE Bug 1251132",
"url": "https://bugzilla.suse.com/1251132"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251150",
"url": "https://bugzilla.suse.com/1251150"
},
{
"category": "self",
"summary": "SUSE Bug 1251152",
"url": "https://bugzilla.suse.com/1251152"
},
{
"category": "self",
"summary": "SUSE Bug 1251153",
"url": "https://bugzilla.suse.com/1251153"
},
{
"category": "self",
"summary": "SUSE Bug 1251159",
"url": "https://bugzilla.suse.com/1251159"
},
{
"category": "self",
"summary": "SUSE Bug 1251161",
"url": "https://bugzilla.suse.com/1251161"
},
{
"category": "self",
"summary": "SUSE Bug 1251170",
"url": "https://bugzilla.suse.com/1251170"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251180",
"url": "https://bugzilla.suse.com/1251180"
},
{
"category": "self",
"summary": "SUSE Bug 1251206",
"url": "https://bugzilla.suse.com/1251206"
},
{
"category": "self",
"summary": "SUSE Bug 1251215",
"url": "https://bugzilla.suse.com/1251215"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251222",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251232",
"url": "https://bugzilla.suse.com/1251232"
},
{
"category": "self",
"summary": "SUSE Bug 1251233",
"url": "https://bugzilla.suse.com/1251233"
},
{
"category": "self",
"summary": "SUSE Bug 1251247",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "self",
"summary": "SUSE Bug 1251268",
"url": "https://bugzilla.suse.com/1251268"
},
{
"category": "self",
"summary": "SUSE Bug 1251269",
"url": "https://bugzilla.suse.com/1251269"
},
{
"category": "self",
"summary": "SUSE Bug 1251270",
"url": "https://bugzilla.suse.com/1251270"
},
{
"category": "self",
"summary": "SUSE Bug 1251282",
"url": "https://bugzilla.suse.com/1251282"
},
{
"category": "self",
"summary": "SUSE Bug 1251283",
"url": "https://bugzilla.suse.com/1251283"
},
{
"category": "self",
"summary": "SUSE Bug 1251286",
"url": "https://bugzilla.suse.com/1251286"
},
{
"category": "self",
"summary": "SUSE Bug 1251290",
"url": "https://bugzilla.suse.com/1251290"
},
{
"category": "self",
"summary": "SUSE Bug 1251319",
"url": "https://bugzilla.suse.com/1251319"
},
{
"category": "self",
"summary": "SUSE Bug 1251321",
"url": "https://bugzilla.suse.com/1251321"
},
{
"category": "self",
"summary": "SUSE Bug 1251323",
"url": "https://bugzilla.suse.com/1251323"
},
{
"category": "self",
"summary": "SUSE Bug 1251328",
"url": "https://bugzilla.suse.com/1251328"
},
{
"category": "self",
"summary": "SUSE Bug 1251529",
"url": "https://bugzilla.suse.com/1251529"
},
{
"category": "self",
"summary": "SUSE Bug 1251721",
"url": "https://bugzilla.suse.com/1251721"
},
{
"category": "self",
"summary": "SUSE Bug 1251732",
"url": "https://bugzilla.suse.com/1251732"
},
{
"category": "self",
"summary": "SUSE Bug 1251742",
"url": "https://bugzilla.suse.com/1251742"
},
{
"category": "self",
"summary": "SUSE Bug 1251743",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "self",
"summary": "SUSE Bug 1251746",
"url": "https://bugzilla.suse.com/1251746"
},
{
"category": "self",
"summary": "SUSE Bug 1251748",
"url": "https://bugzilla.suse.com/1251748"
},
{
"category": "self",
"summary": "SUSE Bug 1251749",
"url": "https://bugzilla.suse.com/1251749"
},
{
"category": "self",
"summary": "SUSE Bug 1251750",
"url": "https://bugzilla.suse.com/1251750"
},
{
"category": "self",
"summary": "SUSE Bug 1251754",
"url": "https://bugzilla.suse.com/1251754"
},
{
"category": "self",
"summary": "SUSE Bug 1251755",
"url": "https://bugzilla.suse.com/1251755"
},
{
"category": "self",
"summary": "SUSE Bug 1251756",
"url": "https://bugzilla.suse.com/1251756"
},
{
"category": "self",
"summary": "SUSE Bug 1251758",
"url": "https://bugzilla.suse.com/1251758"
},
{
"category": "self",
"summary": "SUSE Bug 1251759",
"url": "https://bugzilla.suse.com/1251759"
},
{
"category": "self",
"summary": "SUSE Bug 1251760",
"url": "https://bugzilla.suse.com/1251760"
},
{
"category": "self",
"summary": "SUSE Bug 1251762",
"url": "https://bugzilla.suse.com/1251762"
},
{
"category": "self",
"summary": "SUSE Bug 1251763",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "self",
"summary": "SUSE Bug 1251764",
"url": "https://bugzilla.suse.com/1251764"
},
{
"category": "self",
"summary": "SUSE Bug 1251769",
"url": "https://bugzilla.suse.com/1251769"
},
{
"category": "self",
"summary": "SUSE Bug 1251771",
"url": "https://bugzilla.suse.com/1251771"
},
{
"category": "self",
"summary": "SUSE Bug 1251772",
"url": "https://bugzilla.suse.com/1251772"
},
{
"category": "self",
"summary": "SUSE Bug 1251777",
"url": "https://bugzilla.suse.com/1251777"
},
{
"category": "self",
"summary": "SUSE Bug 1251780",
"url": "https://bugzilla.suse.com/1251780"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1251967",
"url": "https://bugzilla.suse.com/1251967"
},
{
"category": "self",
"summary": "SUSE Bug 1252033",
"url": "https://bugzilla.suse.com/1252033"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252044",
"url": "https://bugzilla.suse.com/1252044"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252060",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "self",
"summary": "SUSE Bug 1252062",
"url": "https://bugzilla.suse.com/1252062"
},
{
"category": "self",
"summary": "SUSE Bug 1252064",
"url": "https://bugzilla.suse.com/1252064"
},
{
"category": "self",
"summary": "SUSE Bug 1252065",
"url": "https://bugzilla.suse.com/1252065"
},
{
"category": "self",
"summary": "SUSE Bug 1252069",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "self",
"summary": "SUSE Bug 1252070",
"url": "https://bugzilla.suse.com/1252070"
},
{
"category": "self",
"summary": "SUSE Bug 1252072",
"url": "https://bugzilla.suse.com/1252072"
},
{
"category": "self",
"summary": "SUSE Bug 1252074",
"url": "https://bugzilla.suse.com/1252074"
},
{
"category": "self",
"summary": "SUSE Bug 1252075",
"url": "https://bugzilla.suse.com/1252075"
},
{
"category": "self",
"summary": "SUSE Bug 1252078",
"url": "https://bugzilla.suse.com/1252078"
},
{
"category": "self",
"summary": "SUSE Bug 1252079",
"url": "https://bugzilla.suse.com/1252079"
},
{
"category": "self",
"summary": "SUSE Bug 1252082",
"url": "https://bugzilla.suse.com/1252082"
},
{
"category": "self",
"summary": "SUSE Bug 1252083",
"url": "https://bugzilla.suse.com/1252083"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252269",
"url": "https://bugzilla.suse.com/1252269"
},
{
"category": "self",
"summary": "SUSE Bug 1252332",
"url": "https://bugzilla.suse.com/1252332"
},
{
"category": "self",
"summary": "SUSE Bug 1252336",
"url": "https://bugzilla.suse.com/1252336"
},
{
"category": "self",
"summary": "SUSE Bug 1252346",
"url": "https://bugzilla.suse.com/1252346"
},
{
"category": "self",
"summary": "SUSE Bug 1252348",
"url": "https://bugzilla.suse.com/1252348"
},
{
"category": "self",
"summary": "SUSE Bug 1252349",
"url": "https://bugzilla.suse.com/1252349"
},
{
"category": "self",
"summary": "SUSE Bug 1252364",
"url": "https://bugzilla.suse.com/1252364"
},
{
"category": "self",
"summary": "SUSE Bug 1252479",
"url": "https://bugzilla.suse.com/1252479"
},
{
"category": "self",
"summary": "SUSE Bug 1252481",
"url": "https://bugzilla.suse.com/1252481"
},
{
"category": "self",
"summary": "SUSE Bug 1252489",
"url": "https://bugzilla.suse.com/1252489"
},
{
"category": "self",
"summary": "SUSE Bug 1252490",
"url": "https://bugzilla.suse.com/1252490"
},
{
"category": "self",
"summary": "SUSE Bug 1252492",
"url": "https://bugzilla.suse.com/1252492"
},
{
"category": "self",
"summary": "SUSE Bug 1252495",
"url": "https://bugzilla.suse.com/1252495"
},
{
"category": "self",
"summary": "SUSE Bug 1252496",
"url": "https://bugzilla.suse.com/1252496"
},
{
"category": "self",
"summary": "SUSE Bug 1252499",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "self",
"summary": "SUSE Bug 1252534",
"url": "https://bugzilla.suse.com/1252534"
},
{
"category": "self",
"summary": "SUSE Bug 1252536",
"url": "https://bugzilla.suse.com/1252536"
},
{
"category": "self",
"summary": "SUSE Bug 1252537",
"url": "https://bugzilla.suse.com/1252537"
},
{
"category": "self",
"summary": "SUSE Bug 1252550",
"url": "https://bugzilla.suse.com/1252550"
},
{
"category": "self",
"summary": "SUSE Bug 1252553",
"url": "https://bugzilla.suse.com/1252553"
},
{
"category": "self",
"summary": "SUSE Bug 1252559",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "self",
"summary": "SUSE Bug 1252561",
"url": "https://bugzilla.suse.com/1252561"
},
{
"category": "self",
"summary": "SUSE Bug 1252564",
"url": "https://bugzilla.suse.com/1252564"
},
{
"category": "self",
"summary": "SUSE Bug 1252565",
"url": "https://bugzilla.suse.com/1252565"
},
{
"category": "self",
"summary": "SUSE Bug 1252566",
"url": "https://bugzilla.suse.com/1252566"
},
{
"category": "self",
"summary": "SUSE Bug 1252632",
"url": "https://bugzilla.suse.com/1252632"
},
{
"category": "self",
"summary": "SUSE Bug 1252668",
"url": "https://bugzilla.suse.com/1252668"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1252679",
"url": "https://bugzilla.suse.com/1252679"
},
{
"category": "self",
"summary": "SUSE Bug 1252685",
"url": "https://bugzilla.suse.com/1252685"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252772",
"url": "https://bugzilla.suse.com/1252772"
},
{
"category": "self",
"summary": "SUSE Bug 1252774",
"url": "https://bugzilla.suse.com/1252774"
},
{
"category": "self",
"summary": "SUSE Bug 1252775",
"url": "https://bugzilla.suse.com/1252775"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252787",
"url": "https://bugzilla.suse.com/1252787"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252797",
"url": "https://bugzilla.suse.com/1252797"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252826",
"url": "https://bugzilla.suse.com/1252826"
},
{
"category": "self",
"summary": "SUSE Bug 1252841",
"url": "https://bugzilla.suse.com/1252841"
},
{
"category": "self",
"summary": "SUSE Bug 1252848",
"url": "https://bugzilla.suse.com/1252848"
},
{
"category": "self",
"summary": "SUSE Bug 1252849",
"url": "https://bugzilla.suse.com/1252849"
},
{
"category": "self",
"summary": "SUSE Bug 1252850",
"url": "https://bugzilla.suse.com/1252850"
},
{
"category": "self",
"summary": "SUSE Bug 1252851",
"url": "https://bugzilla.suse.com/1252851"
},
{
"category": "self",
"summary": "SUSE Bug 1252854",
"url": "https://bugzilla.suse.com/1252854"
},
{
"category": "self",
"summary": "SUSE Bug 1252858",
"url": "https://bugzilla.suse.com/1252858"
},
{
"category": "self",
"summary": "SUSE Bug 1252865",
"url": "https://bugzilla.suse.com/1252865"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1252873",
"url": "https://bugzilla.suse.com/1252873"
},
{
"category": "self",
"summary": "SUSE Bug 1252902",
"url": "https://bugzilla.suse.com/1252902"
},
{
"category": "self",
"summary": "SUSE Bug 1252904",
"url": "https://bugzilla.suse.com/1252904"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE Bug 1252918",
"url": "https://bugzilla.suse.com/1252918"
},
{
"category": "self",
"summary": "SUSE Bug 1252939",
"url": "https://bugzilla.suse.com/1252939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53538 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53540 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53541 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53543 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53545 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53546 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53550 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53552 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53553 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53554 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53555 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53556 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53557 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53558 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53560 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53563 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53568 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53570 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53574 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53575 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53577 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53579 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53580 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53583 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53585 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53596 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53599 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53600 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53601 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53602 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53603 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53611 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53613 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53616 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53617 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53618 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53621 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53631 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53632 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53633 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53638 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53645 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53646 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53647 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53649 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53652 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53653 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53654 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53656 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53657 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53658 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53659 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53660 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53662 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53663 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53665 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53666 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53670 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53672 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53673 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53674 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53681 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53686 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53687 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53693 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53697 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53698 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53699 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53703 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53704 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53707 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53711 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53713 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53718 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53727 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53728 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53729 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53730 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53731 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39898 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39965 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39967 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39982 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39986 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40005 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-13T14:22:56Z",
"generator": {
"date": "2025-11-13T14:22:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21056-1",
"initial_release_date": "2025-11-13T14:22:56Z",
"revision_history": [
{
"date": "2025-11-13T14:22:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-36.1.aarch64",
"product_id": "kernel-default-6.4.0-36.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-36.1.21.13.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-36.1.21.13.aarch64",
"product_id": "kernel-default-base-6.4.0-36.1.21.13.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-36.1.aarch64",
"product": {
"name": "kernel-default-devel-6.4.0-36.1.aarch64",
"product_id": "kernel-default-devel-6.4.0-36.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-36.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-36.1.noarch",
"product_id": "kernel-devel-6.4.0-36.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-36.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-36.1.noarch",
"product_id": "kernel-macros-6.4.0-36.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-36.1.noarch",
"product": {
"name": "kernel-source-6.4.0-36.1.noarch",
"product_id": "kernel-source-6.4.0-36.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.ppc64le",
"product": {
"name": "kernel-default-6.4.0-36.1.ppc64le",
"product_id": "kernel-default-6.4.0-36.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"product": {
"name": "kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"product_id": "kernel-default-base-6.4.0-36.1.21.13.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-36.1.ppc64le",
"product": {
"name": "kernel-default-devel-6.4.0-36.1.ppc64le",
"product_id": "kernel-default-devel-6.4.0-36.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.s390x",
"product": {
"name": "kernel-default-6.4.0-36.1.s390x",
"product_id": "kernel-default-6.4.0-36.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-36.1.s390x",
"product": {
"name": "kernel-default-devel-6.4.0-36.1.s390x",
"product_id": "kernel-default-devel-6.4.0-36.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-36.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-36.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-36.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-36.1.x86_64",
"product_id": "kernel-default-6.4.0-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-36.1.21.13.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-36.1.21.13.x86_64",
"product_id": "kernel-default-base-6.4.0-36.1.21.13.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-default-devel-6.4.0-36.1.x86_64",
"product_id": "kernel-default-devel-6.4.0-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-36.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-36.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-36.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le"
},
"product_reference": "kernel-default-6.4.0-36.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x"
},
"product_reference": "kernel-default-6.4.0-36.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-36.1.21.13.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-36.1.21.13.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-36.1.21.13.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le"
},
"product_reference": "kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-36.1.21.13.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-36.1.21.13.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-36.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-36.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le"
},
"product_reference": "kernel-default-devel-6.4.0-36.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-36.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-36.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-36.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-36.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-36.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-36.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-36.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-36.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-36.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
},
"product_reference": "kernel-source-6.4.0-36.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53538"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: insert tree mod log move in push_node_left\n\nThere is a fairly unlikely race condition in tree mod log rewind that\ncan result in a kernel panic which has the following trace:\n\n [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002\n [530.618] #PF: supervisor read access in kernel mode\n [530.629] #PF: error_code(0x0000) - not-present page\n [530.641] PGD 0 P4D 0\n [530.647] Oops: 0000 [#1] SMP\n [530.654] CPU: 30 PID: 398973 Comm: below Kdump: loaded Tainted: G S O K 5.12.0-0_fbk13_clang_7455_gb24de3bdb045 #1\n [530.680] Hardware name: Quanta Mono Lake-M.2 SATA 1HY9U9Z001G/Mono Lake-M.2 SATA, BIOS F20_3A15 08/16/2017\n [530.703] RIP: 0010:__btrfs_map_block+0xaa/0xd00\n [530.755] RSP: 0018:ffffc9002c2f7600 EFLAGS: 00010246\n [530.767] RAX: ffffffffffffffea RBX: ffff888292e41000 RCX: f2702d8b8be15100\n [530.784] RDX: ffff88885fda6fb8 RSI: ffff88885fd973c8 RDI: ffff88885fd973c8\n [530.800] RBP: ffff888292e410d0 R08: ffffffff82fd7fd0 R09: 00000000fffeffff\n [530.816] R10: ffffffff82e57fd0 R11: ffffffff82e57d70 R12: 0000000000000000\n [530.832] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9002c2f76f0\n [530.848] FS: 00007f38d64af000(0000) GS:ffff88885fd80000(0000) knlGS:0000000000000000\n [530.866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [530.880] CR2: 0000000000000002 CR3: 00000002b6770004 CR4: 00000000003706e0\n [530.896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [530.912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [530.928] Call Trace:\n [530.934] ? btrfs_printk+0x13b/0x18c\n [530.943] ? btrfs_bio_counter_inc_blocked+0x3d/0x130\n [530.955] btrfs_map_bio+0x75/0x330\n [530.963] ? kmem_cache_alloc+0x12a/0x2d0\n [530.973] ? btrfs_submit_metadata_bio+0x63/0x100\n [530.984] btrfs_submit_metadata_bio+0xa4/0x100\n [530.995] submit_extent_page+0x30f/0x360\n [531.004] read_extent_buffer_pages+0x49e/0x6d0\n [531.015] ? submit_extent_page+0x360/0x360\n [531.025] btree_read_extent_buffer_pages+0x5f/0x150\n [531.037] read_tree_block+0x37/0x60\n [531.046] read_block_for_search+0x18b/0x410\n [531.056] btrfs_search_old_slot+0x198/0x2f0\n [531.066] resolve_indirect_ref+0xfe/0x6f0\n [531.076] ? ulist_alloc+0x31/0x60\n [531.084] ? kmem_cache_alloc_trace+0x12e/0x2b0\n [531.095] find_parent_nodes+0x720/0x1830\n [531.105] ? ulist_alloc+0x10/0x60\n [531.113] iterate_extent_inodes+0xea/0x370\n [531.123] ? btrfs_previous_extent_item+0x8f/0x110\n [531.134] ? btrfs_search_path_in_tree+0x240/0x240\n [531.146] iterate_inodes_from_logical+0x98/0xd0\n [531.157] ? btrfs_search_path_in_tree+0x240/0x240\n [531.168] btrfs_ioctl_logical_to_ino+0xd9/0x180\n [531.179] btrfs_ioctl+0xe2/0x2eb0\n\nThis occurs when logical inode resolution takes a tree mod log sequence\nnumber, and then while backref walking hits a rewind on a busy node\nwhich has the following sequence of tree mod log operations (numbers\nfilled in from a specific example, but they are somewhat arbitrary)\n\n REMOVE_WHILE_FREEING slot 532\n REMOVE_WHILE_FREEING slot 531\n REMOVE_WHILE_FREEING slot 530\n ...\n REMOVE_WHILE_FREEING slot 0\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n ADD slot 455\n ADD slot 454\n ADD slot 453\n ...\n ADD slot 0\n MOVE src slot 0 -\u003e dst slot 456 nritems 533\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n\nWhen this sequence gets applied via btrfs_tree_mod_log_rewind, it\nallocates a fresh rewind eb, and first inserts the correct key info for\nthe 533 elements, then overwrites the first 456 of them, then decrements\nthe count by 456 via the add ops, then rewinds the move by doing a\nmemmove from 456:988-\u003e0:532. We have never written anything past 532,\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53538",
"url": "https://www.suse.com/security/cve/CVE-2023-53538"
},
{
"category": "external",
"summary": "SUSE Bug 1251024 for CVE-2023-53538",
"url": "https://bugzilla.suse.com/1251024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53538"
},
{
"cve": "CVE-2023-53539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix incomplete state save in rxe_requester\n\nIf a send packet is dropped by the IP layer in rxe_requester()\nthe call to rxe_xmit_packet() can fail with err == -EAGAIN.\nTo recover, the state of the wqe is restored to the state before\nthe packet was sent so it can be resent. However, the routines\nthat save and restore the state miss a significnt part of the\nvariable state in the wqe, the dma struct which is used to process\nthrough the sge table. And, the state is not saved before the packet\nis built which modifies the dma struct.\n\nUnder heavy stress testing with many QPs on a fast node sending\nlarge messages to a slow node dropped packets are observed and\nthe resent packets are corrupted because the dma struct was not\nrestored. This patch fixes this behavior and allows the test cases\nto succeed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53539",
"url": "https://www.suse.com/security/cve/CVE-2023-53539"
},
{
"category": "external",
"summary": "SUSE Bug 1251060 for CVE-2023-53539",
"url": "https://bugzilla.suse.com/1251060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53539"
},
{
"cve": "CVE-2023-53540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something\u0027s wrong. Reject such connections so we don\u0027t\ntry and fail later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53540",
"url": "https://www.suse.com/security/cve/CVE-2023-53540"
},
{
"category": "external",
"summary": "SUSE Bug 1251053 for CVE-2023-53540",
"url": "https://bugzilla.suse.com/1251053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53540"
},
{
"cve": "CVE-2023-53541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53541"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53541",
"url": "https://www.suse.com/security/cve/CVE-2023-53541"
},
{
"category": "external",
"summary": "SUSE Bug 1251043 for CVE-2023-53541",
"url": "https://bugzilla.suse.com/1251043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53541"
},
{
"cve": "CVE-2023-53543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53543"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa max vqp attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53543",
"url": "https://www.suse.com/security/cve/CVE-2023-53543"
},
{
"category": "external",
"summary": "SUSE Bug 1251083 for CVE-2023-53543",
"url": "https://bugzilla.suse.com/1251083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53543"
},
{
"cve": "CVE-2023-53545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv-\u003ecsa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097] \u003cTASK\u003e\n[14616.937102] amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187] drm_file_free+0x1d6/0x300 [drm]\n[14616.937207] drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220] drm_release+0x5e/0x100 [drm]\n[14616.937234] __fput+0x9f/0x280\n[14616.937239] ____fput+0xe/0x20\n[14616.937241] task_work_run+0x61/0x90\n[14616.937246] exit_to_user_mode_prepare+0x215/0x220\n[14616.937251] syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254] do_syscall_64+0x48/0x90\n[14616.937257] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53545",
"url": "https://www.suse.com/security/cve/CVE-2023-53545"
},
{
"category": "external",
"summary": "SUSE Bug 1251084 for CVE-2023-53545",
"url": "https://bugzilla.suse.com/1251084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53545"
},
{
"cve": "CVE-2023-53546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx\n\nwhen mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory\npointed by \u0027in\u0027 is not released, which will cause memory leak. Move memory\nrelease after mlx5_cmd_exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53546",
"url": "https://www.suse.com/security/cve/CVE-2023-53546"
},
{
"category": "external",
"summary": "SUSE Bug 1251079 for CVE-2023-53546",
"url": "https://bugzilla.suse.com/1251079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53546"
},
{
"cve": "CVE-2023-53548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53548",
"url": "https://www.suse.com/security/cve/CVE-2023-53548"
},
{
"category": "external",
"summary": "SUSE Bug 1251066 for CVE-2023-53548",
"url": "https://bugzilla.suse.com/1251066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53548"
},
{
"cve": "CVE-2023-53550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53550"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix global sysfs attribute type\n\nIn commit 3666062b87ec (\"cpufreq: amd-pstate: move to use bus_get_dev_root()\")\nthe \"amd_pstate\" attributes where moved from a dedicated kobject to the\ncpu root kobject.\n\nWhile the dedicated kobject expects to contain kobj_attributes the root\nkobject needs device_attributes.\n\nAs the changed arguments are not used by the callbacks it works most of\nthe time.\nHowever CFI will detect this issue:\n\n[ 4947.849350] CFI failure at dev_attr_show+0x24/0x60 (target: show_status+0x0/0x70; expected type: 0x8651b1de)\n...\n[ 4947.849409] Call Trace:\n[ 4947.849410] \u003cTASK\u003e\n[ 4947.849411] ? __warn+0xcf/0x1c0\n[ 4947.849414] ? dev_attr_show+0x24/0x60\n[ 4947.849415] ? report_cfi_failure+0x4e/0x60\n[ 4947.849417] ? handle_cfi_failure+0x14c/0x1d0\n[ 4947.849419] ? __cfi_show_status+0x10/0x10\n[ 4947.849420] ? handle_bug+0x4f/0x90\n[ 4947.849421] ? exc_invalid_op+0x1a/0x60\n[ 4947.849422] ? asm_exc_invalid_op+0x1a/0x20\n[ 4947.849424] ? __cfi_show_status+0x10/0x10\n[ 4947.849425] ? dev_attr_show+0x24/0x60\n[ 4947.849426] sysfs_kf_seq_show+0xa6/0x110\n[ 4947.849433] seq_read_iter+0x16c/0x4b0\n[ 4947.849436] vfs_read+0x272/0x2d0\n[ 4947.849438] ksys_read+0x72/0xe0\n[ 4947.849439] do_syscall_64+0x76/0xb0\n[ 4947.849440] ? do_user_addr_fault+0x252/0x650\n[ 4947.849442] ? exc_page_fault+0x7a/0x1b0\n[ 4947.849443] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53550",
"url": "https://www.suse.com/security/cve/CVE-2023-53550"
},
{
"category": "external",
"summary": "SUSE Bug 1251071 for CVE-2023-53550",
"url": "https://bugzilla.suse.com/1251071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53550"
},
{
"cve": "CVE-2023-53552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: mark requests for GuC virtual engines to avoid use-after-free\n\nReferences to i915_requests may be trapped by userspace inside a\nsync_file or dmabuf (dma-resv) and held indefinitely across different\nproceses. To counter-act the memory leaks, we try to not to keep\nreferences from the request past their completion.\nOn the other side on fence release we need to know if rq-\u003eengine\nis valid and points to hw engine (true for non-virtual requests).\nTo make it possible extra bit has been added to rq-\u003eexecution_mask,\nfor marking virtual engines.\n\n(cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53552",
"url": "https://www.suse.com/security/cve/CVE-2023-53552"
},
{
"category": "external",
"summary": "SUSE Bug 1251065 for CVE-2023-53552",
"url": "https://bugzilla.suse.com/1251065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2023-53553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n from drivers/hid/hid-hyperv.c:8:\nIn function \u0027fortify_memcpy_chk\u0027,\n inlined from \u0027mousevsc_on_receive\u0027 at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 583 | __write_overflow_field(p_size_field, size);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53553",
"url": "https://www.suse.com/security/cve/CVE-2023-53553"
},
{
"category": "external",
"summary": "SUSE Bug 1251068 for CVE-2023-53553",
"url": "https://bugzilla.suse.com/1251068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53553"
},
{
"cve": "CVE-2023-53554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()\n\nThe \"exc-\u003ekey_len\" is a u16 that comes from the user. If it\u0027s over\nIW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53554",
"url": "https://www.suse.com/security/cve/CVE-2023-53554"
},
{
"category": "external",
"summary": "SUSE Bug 1251057 for CVE-2023-53554",
"url": "https://bugzilla.suse.com/1251057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53554"
},
{
"cve": "CVE-2023-53555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: initialize damo_filter-\u003elist from damos_new_filter()\n\ndamos_new_filter() is not initializing the list field of newly allocated\nfilter object. However, DAMON sysfs interface and DAMON_RECLAIM are not\ninitializing it after calling damos_new_filter(). As a result, accessing\nuninitialized memory is possible. Actually, adding multiple DAMOS filters\nvia DAMON sysfs interface caused NULL pointer dereferencing. Initialize\nthe field just after the allocation from damos_new_filter().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53555",
"url": "https://www.suse.com/security/cve/CVE-2023-53555"
},
{
"category": "external",
"summary": "SUSE Bug 1251056 for CVE-2023-53555",
"url": "https://bugzilla.suse.com/1251056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53555"
},
{
"cve": "CVE-2023-53556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix use-after-free in free_netdev\n\nWe do netif_napi_add() for all allocated q_vectors[], but potentially\ndo netif_napi_del() for part of them, then kfree q_vectors and leave\ninvalid pointers at dev-\u003enapi_list.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 4093.900222] ==================================================================\n[ 4093.900230] BUG: KASAN: use-after-free in free_netdev+0x308/0x390\n[ 4093.900232] Read of size 8 at addr ffff88b4dc145640 by task repro.sh/6699\n[ 4093.900233]\n[ 4093.900236] CPU: 10 PID: 6699 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 4093.900238] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 4093.900239] Call Trace:\n[ 4093.900244] dump_stack+0x71/0xab\n[ 4093.900249] print_address_description+0x6b/0x290\n[ 4093.900251] ? free_netdev+0x308/0x390\n[ 4093.900252] kasan_report+0x14a/0x2b0\n[ 4093.900254] free_netdev+0x308/0x390\n[ 4093.900261] iavf_remove+0x825/0xd20 [iavf]\n[ 4093.900265] pci_device_remove+0xa8/0x1f0\n[ 4093.900268] device_release_driver_internal+0x1c6/0x460\n[ 4093.900271] pci_stop_bus_device+0x101/0x150\n[ 4093.900273] pci_stop_and_remove_bus_device+0xe/0x20\n[ 4093.900275] pci_iov_remove_virtfn+0x187/0x420\n[ 4093.900277] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 4093.900278] ? pci_get_subsys+0x90/0x90\n[ 4093.900280] sriov_disable+0xed/0x3e0\n[ 4093.900282] ? bus_find_device+0x12d/0x1a0\n[ 4093.900290] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 4093.900298] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 4093.900299] ? pci_get_device+0x7c/0x90\n[ 4093.900300] ? pci_get_subsys+0x90/0x90\n[ 4093.900306] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 4093.900309] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900315] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 4093.900318] sriov_numvfs_store+0x214/0x290\n[ 4093.900320] ? sriov_totalvfs_show+0x30/0x30\n[ 4093.900321] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900323] ? __check_object_size+0x15a/0x350\n[ 4093.900326] kernfs_fop_write+0x280/0x3f0\n[ 4093.900329] vfs_write+0x145/0x440\n[ 4093.900330] ksys_write+0xab/0x160\n[ 4093.900332] ? __ia32_sys_read+0xb0/0xb0\n[ 4093.900334] ? fput_many+0x1a/0x120\n[ 4093.900335] ? filp_close+0xf0/0x130\n[ 4093.900338] do_syscall_64+0xa0/0x370\n[ 4093.900339] ? page_fault+0x8/0x30\n[ 4093.900341] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 4093.900357] RIP: 0033:0x7f16ad4d22c0\n[ 4093.900359] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe dd 01 00 48 89 04 24\n[ 4093.900360] RSP: 002b:00007ffd6491b7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 4093.900362] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f16ad4d22c0\n[ 4093.900363] RDX: 0000000000000002 RSI: 0000000001a41408 RDI: 0000000000000001\n[ 4093.900364] RBP: 0000000001a41408 R08: 00007f16ad7a1780 R09: 00007f16ae1f2700\n[ 4093.9003\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53556",
"url": "https://www.suse.com/security/cve/CVE-2023-53556"
},
{
"category": "external",
"summary": "SUSE Bug 1251059 for CVE-2023-53556",
"url": "https://bugzilla.suse.com/1251059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53556"
},
{
"cve": "CVE-2023-53557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfprobe: Release rethook after the ftrace_ops is unregistered\n\nWhile running bpf selftests it\u0027s possible to get following fault:\n\n general protection fault, probably for non-canonical address \\\n 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n ...\n Call Trace:\n \u003cTASK\u003e\n fprobe_handler+0xc1/0x270\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_testmod_init+0x22/0x80\n ? do_one_initcall+0x63/0x2e0\n ? rcu_is_watching+0xd/0x40\n ? kmalloc_trace+0xaf/0xc0\n ? do_init_module+0x60/0x250\n ? __do_sys_finit_module+0xac/0x120\n ? do_syscall_64+0x37/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n \u003c/TASK\u003e\n\nIn unregister_fprobe function we can\u0027t release fp-\u003erethook while it\u0027s\npossible there are some of its users still running on another cpu.\n\nMoving rethook_free call after fp-\u003eops is unregistered with\nunregister_ftrace_function call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53557",
"url": "https://www.suse.com/security/cve/CVE-2023-53557"
},
{
"category": "external",
"summary": "SUSE Bug 1251054 for CVE-2023-53557",
"url": "https://bugzilla.suse.com/1251054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53557"
},
{
"cve": "CVE-2023-53558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] \u003cTASK\u003e\n[ 0.206491] dump_stack_lvl+0x6a/0x9f\n[ 0.206493] __lock_acquire.cold+0x2d7/0x2fe\n[ 0.206496] ? stack_trace_save+0x46/0x70\n[ 0.206497] lock_acquire+0xd1/0x2f0\n[ 0.206499] ? serial8250_console_write+0x327/0x4a0\n[ 0.206500] ? __lock_acquire+0x5c7/0x2720\n[ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90\n[ 0.206504] ? serial8250_console_write+0x327/0x4a0\n[ 0.206506] serial8250_console_write+0x327/0x4a0\n[ 0.206508] console_emit_next_record.constprop.0+0x180/0x330\n[ 0.206511] console_unlock+0xf7/0x1f0\n[ 0.206512] vprintk_emit+0xf7/0x330\n[ 0.206514] _printk+0x63/0x7e\n[ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32\n[ 0.206518] rcu_init_tasks_generic+0x5/0xd9\n[ 0.206522] kernel_init_freeable+0x15b/0x2a2\n[ 0.206523] ? rest_init+0x160/0x160\n[ 0.206526] kernel_init+0x11/0x120\n[ 0.206527] ret_from_fork+0x1f/0x30\n[ 0.206530] \u003c/TASK\u003e\n[ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53558",
"url": "https://www.suse.com/security/cve/CVE-2023-53558"
},
{
"category": "external",
"summary": "SUSE Bug 1251081 for CVE-2023-53558",
"url": "https://bugzilla.suse.com/1251081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53558"
},
{
"cve": "CVE-2023-53559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_vti: fix potential slab-use-after-free in decode_session6\n\nWhen ip_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ip_vti device sends IPv6 packets.\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53559",
"url": "https://www.suse.com/security/cve/CVE-2023-53559"
},
{
"category": "external",
"summary": "SUSE Bug 1251052 for CVE-2023-53559",
"url": "https://bugzilla.suse.com/1251052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53559"
},
{
"cve": "CVE-2023-53560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Add histograms to hist_vars if they have referenced variables\n\nHist triggers can have referenced variables without having direct\nvariables fields. This can be the case if referenced variables are added\nfor trigger actions. In this case the newly added references will not\nhave field variables. Not taking such referenced variables into\nconsideration can result in a bug where it would be possible to remove\nhist trigger with variables being refenced. This will result in a bug\nthat is easily reproducable like so\n\n$ cd /sys/kernel/tracing\n$ echo \u0027synthetic_sys_enter char[] comm; long id\u0027 \u003e\u003e synthetic_events\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n\n[ 100.263533] ==================================================================\n[ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180\n[ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439\n[ 100.266320]\n[ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4\n[ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n[ 100.268561] Call Trace:\n[ 100.268902] \u003cTASK\u003e\n[ 100.269189] dump_stack_lvl+0x4c/0x70\n[ 100.269680] print_report+0xc5/0x600\n[ 100.270165] ? resolve_var_refs+0xc7/0x180\n[ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0\n[ 100.271389] ? resolve_var_refs+0xc7/0x180\n[ 100.271913] kasan_report+0xbd/0x100\n[ 100.272380] ? resolve_var_refs+0xc7/0x180\n[ 100.272920] __asan_load8+0x71/0xa0\n[ 100.273377] resolve_var_refs+0xc7/0x180\n[ 100.273888] event_hist_trigger+0x749/0x860\n[ 100.274505] ? kasan_save_stack+0x2a/0x50\n[ 100.275024] ? kasan_set_track+0x29/0x40\n[ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10\n[ 100.276138] ? ksys_write+0xd1/0x170\n[ 100.276607] ? do_syscall_64+0x3c/0x90\n[ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.277771] ? destroy_hist_data+0x446/0x470\n[ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860\n[ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10\n[ 100.279627] ? __kasan_check_write+0x18/0x20\n[ 100.280177] ? mutex_unlock+0x85/0xd0\n[ 100.280660] ? __pfx_mutex_unlock+0x10/0x10\n[ 100.281200] ? kfree+0x7b/0x120\n[ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0\n[ 100.282197] ? event_trigger_write+0xac/0x100\n[ 100.282764] ? __kasan_slab_free+0x16/0x20\n[ 100.283293] ? __kmem_cache_free+0x153/0x2f0\n[ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250\n[ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10\n[ 100.285221] ? event_trigger_write+0xbc/0x100\n[ 100.285781] ? __kasan_check_read+0x15/0x20\n[ 100.286321] ? __bitmap_weight+0x66/0xa0\n[ 100.286833] ? _find_next_bit+0x46/0xe0\n[ 100.287334] ? task_mm_cid_work+0x37f/0x450\n[ 100.287872] event_triggers_call+0x84/0x150\n[ 100.288408] trace_event_buffer_commit+0x339/0x430\n[ 100.289073] ? ring_buffer_event_data+0x3f/0x60\n[ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0\n[ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0\n[ 100.298653] syscall_enter_from_user_mode+0x32/0x40\n[ 100.301808] do_syscall_64+0x1a/0x90\n[ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.307775] RIP: 0033:0x7f686c75c1cb\n[ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48\n[ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021\n[ 100.321200] RA\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53560",
"url": "https://www.suse.com/security/cve/CVE-2023-53560"
},
{
"category": "external",
"summary": "SUSE Bug 1251045 for CVE-2023-53560",
"url": "https://bugzilla.suse.com/1251045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53560"
},
{
"cve": "CVE-2023-53563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate-ut: Fix kernel panic when loading the driver\n\nAfter loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()\nand amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy\nof the CPU and mark it as busy.\n\nIn these functions, cpufreq_cpu_put() should be used to release the\npolicy, but it is not, so any other entity trying to access the policy\nis blocked indefinitely.\n\nOne such scenario is when amd_pstate mode is changed, leading to the\nfollowing splat:\n\n[ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.\n[ 1332.110001] Not tainted 6.5.0-rc2-amd-pstate-ut #5\n[ 1332.115315] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 1332.123140] task:bash state:D stack:0 pid:2929 ppid:2873 flags:0x00004006\n[ 1332.123143] Call Trace:\n[ 1332.123145] \u003cTASK\u003e\n[ 1332.123148] __schedule+0x3c1/0x16a0\n[ 1332.123154] ? _raw_read_lock_irqsave+0x2d/0x70\n[ 1332.123157] schedule+0x6f/0x110\n[ 1332.123160] schedule_timeout+0x14f/0x160\n[ 1332.123162] ? preempt_count_add+0x86/0xd0\n[ 1332.123165] __wait_for_common+0x92/0x190\n[ 1332.123168] ? __pfx_schedule_timeout+0x10/0x10\n[ 1332.123170] wait_for_completion+0x28/0x30\n[ 1332.123173] cpufreq_policy_put_kobj+0x4d/0x90\n[ 1332.123177] cpufreq_policy_free+0x157/0x1d0\n[ 1332.123178] ? preempt_count_add+0x58/0xd0\n[ 1332.123180] cpufreq_remove_dev+0xb6/0x100\n[ 1332.123182] subsys_interface_unregister+0x114/0x120\n[ 1332.123185] ? preempt_count_add+0x58/0xd0\n[ 1332.123187] ? __pfx_amd_pstate_change_driver_mode+0x10/0x10\n[ 1332.123190] cpufreq_unregister_driver+0x3b/0xd0\n[ 1332.123192] amd_pstate_change_driver_mode+0x1e/0x50\n[ 1332.123194] store_status+0xe9/0x180\n[ 1332.123197] dev_attr_store+0x1b/0x30\n[ 1332.123199] sysfs_kf_write+0x42/0x50\n[ 1332.123202] kernfs_fop_write_iter+0x143/0x1d0\n[ 1332.123204] vfs_write+0x2df/0x400\n[ 1332.123208] ksys_write+0x6b/0xf0\n[ 1332.123210] __x64_sys_write+0x1d/0x30\n[ 1332.123213] do_syscall_64+0x60/0x90\n[ 1332.123216] ? fpregs_assert_state_consistent+0x2e/0x50\n[ 1332.123219] ? exit_to_user_mode_prepare+0x49/0x1a0\n[ 1332.123223] ? irqentry_exit_to_user_mode+0xd/0x20\n[ 1332.123225] ? irqentry_exit+0x3f/0x50\n[ 1332.123226] ? exc_page_fault+0x8e/0x190\n[ 1332.123228] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 1332.123232] RIP: 0033:0x7fa74c514a37\n[ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37\n[ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001\n[ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff\n[ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008\n[ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00\n[ 1332.123247] \u003c/TASK\u003e\n\nFix this by calling cpufreq_cpu_put() wherever necessary.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53563",
"url": "https://www.suse.com/security/cve/CVE-2023-53563"
},
{
"category": "external",
"summary": "SUSE Bug 1251038 for CVE-2023-53563",
"url": "https://bugzilla.suse.com/1251038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53563"
},
{
"cve": "CVE-2023-53568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53568",
"url": "https://www.suse.com/security/cve/CVE-2023-53568"
},
{
"category": "external",
"summary": "SUSE Bug 1251035 for CVE-2023-53568",
"url": "https://bugzilla.suse.com/1251035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53568"
},
{
"cve": "CVE-2023-53570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53570"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()\n\nnl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the\nnumber of MBSSID elements in the nested netlink attribute attrs, which can\nlead to an integer overflow if a user of the nl80211 interface specifies\n256 or more elements in the corresponding attribute in userspace. The\ninteger overflow can lead to a heap buffer overflow as num_elems determines\nthe size of the trailing array in elems, and this array is thereafter\nwritten to for each element in attrs.\n\nNote that this vulnerability only affects devices with the\nwiphy-\u003embssid_max_interfaces member set for the wireless physical device\nstruct in the device driver, and can only be triggered by a process with\nCAP_NET_ADMIN capabilities.\n\nFix this by checking for a maximum of 255 elements in attrs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53570",
"url": "https://www.suse.com/security/cve/CVE-2023-53570"
},
{
"category": "external",
"summary": "SUSE Bug 1251031 for CVE-2023-53570",
"url": "https://bugzilla.suse.com/1251031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53570"
},
{
"cve": "CVE-2023-53572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: scu: use _safe list iterator to avoid a use after free\n\nThis loop is freeing \"clk\" so it needs to use list_for_each_entry_safe().\nOtherwise it dereferences a freed variable to get the next item on the\nloop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53572",
"url": "https://www.suse.com/security/cve/CVE-2023-53572"
},
{
"category": "external",
"summary": "SUSE Bug 1251027 for CVE-2023-53572",
"url": "https://bugzilla.suse.com/1251027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53572"
},
{
"cve": "CVE-2023-53574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53574",
"url": "https://www.suse.com/security/cve/CVE-2023-53574"
},
{
"category": "external",
"summary": "SUSE Bug 1251222 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "external",
"summary": "SUSE Bug 1251984 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2023-53574"
},
{
"cve": "CVE-2023-53575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53575"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential array out of bounds access\n\nAccount for IWL_SEC_WEP_KEY_OFFSET when needed while verifying\nkey_len size in iwl_mvm_sec_key_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53575",
"url": "https://www.suse.com/security/cve/CVE-2023-53575"
},
{
"category": "external",
"summary": "SUSE Bug 1251067 for CVE-2023-53575",
"url": "https://bugzilla.suse.com/1251067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53575"
},
{
"cve": "CVE-2023-53577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n ------------[ cut here ]------------\n WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events cpu_map_kthread_stop\n RIP: 0010:put_cpu_map_entry+0xda/0x220\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ......\n ? put_cpu_map_entry+0xda/0x220\n cpu_map_kthread_stop+0x41/0x60\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn\u0027t call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53577",
"url": "https://www.suse.com/security/cve/CVE-2023-53577"
},
{
"category": "external",
"summary": "SUSE Bug 1251028 for CVE-2023-53577",
"url": "https://bugzilla.suse.com/1251028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53577"
},
{
"cve": "CVE-2023-53579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix irq domain leak\n\nUwe Kleine-Knig pointed out we still have one resource leak in the mvebu\ndriver triggered on driver detach. Let\u0027s address it with a custom devm\naction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53579",
"url": "https://www.suse.com/security/cve/CVE-2023-53579"
},
{
"category": "external",
"summary": "SUSE Bug 1251170 for CVE-2023-53579",
"url": "https://bugzilla.suse.com/1251170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53579"
},
{
"cve": "CVE-2023-53580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: Gadget: core: Help prevent panic during UVC unconfigure\n\nAvichal Rakesh reported a kernel panic that occurred when the UVC\ngadget driver was removed from a gadget\u0027s configuration. The panic\ninvolves a somewhat complicated interaction between the kernel driver\nand a userspace component (as described in the Link tag below), but\nthe analysis did make one thing clear: The Gadget core should\naccomodate gadget drivers calling usb_gadget_deactivate() as part of\ntheir unbind procedure.\n\nCurrently this doesn\u0027t work. gadget_unbind_driver() calls\ndriver-\u003eunbind() while holding the udc-\u003econnect_lock mutex, and\nusb_gadget_deactivate() attempts to acquire that mutex, which will\nresult in a deadlock.\n\nThe simple fix is for gadget_unbind_driver() to release the mutex when\ninvoking the -\u003eunbind() callback. There is no particular reason for\nit to be holding the mutex at that time, and the mutex isn\u0027t held\nwhile the -\u003ebind() callback is invoked. So we\u0027ll drop the mutex\nbefore performing the unbind callback and reacquire it afterward.\n\nWe\u0027ll also add a couple of comments to usb_gadget_activate() and\nusb_gadget_deactivate(). Because they run in process context they\nmust not be called from a gadget driver\u0027s -\u003edisconnect() callback,\nwhich (according to the kerneldoc for struct usb_gadget_driver in\ninclude/linux/usb/gadget.h) may run in interrupt context. This may\nhelp prevent similar bugs from arising in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53580",
"url": "https://www.suse.com/security/cve/CVE-2023-53580"
},
{
"category": "external",
"summary": "SUSE Bug 1251105 for CVE-2023-53580",
"url": "https://bugzilla.suse.com/1251105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53580"
},
{
"cve": "CVE-2023-53581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Check for NOT_READY flag state after locking\n\nCurrently the check for NOT_READY flag is performed before obtaining the\nnecessary lock. This opens a possibility for race condition when the flow\nis concurrently removed from unready_flows list by the workqueue task,\nwhich causes a double-removal from the list and a crash[0]. Fix the issue\nby moving the flag check inside the section protected by\nuplink_priv-\u003eunready_flows_lock mutex.\n\n[0]:\n[44376.389654] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n[44376.391665] CPU: 7 PID: 59123 Comm: tc Not tainted 6.4.0-rc4+ #1\n[44376.392984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[44376.395342] RIP: 0010:mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.396857] Code: 00 48 8b b8 68 ce 02 00 e8 8a 4d 02 00 4c 8d a8 a8 01 00 00 4c 89 ef e8 8b 79 88 e1 48 8b 83 98 06 00 00 48 8b 93 90 06 00 00 \u003c48\u003e 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 83 90 06\n[44376.399167] RSP: 0018:ffff88812cc97570 EFLAGS: 00010246\n[44376.399680] RAX: dead000000000122 RBX: ffff8881088e3800 RCX: ffff8881881bac00\n[44376.400337] RDX: dead000000000100 RSI: ffff88812cc97500 RDI: ffff8881242f71b0\n[44376.401001] RBP: ffff88811cbb0940 R08: 0000000000000400 R09: 0000000000000001\n[44376.401663] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88812c944000\n[44376.402342] R13: ffff8881242f71a8 R14: ffff8881222b4000 R15: 0000000000000000\n[44376.402999] FS: 00007f0451104800(0000) GS:ffff88852cb80000(0000) knlGS:0000000000000000\n[44376.403787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[44376.404343] CR2: 0000000000489108 CR3: 0000000123a79003 CR4: 0000000000370ea0\n[44376.405004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[44376.405665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[44376.406339] Call Trace:\n[44376.406651] \u003cTASK\u003e\n[44376.406939] ? die_addr+0x33/0x90\n[44376.407311] ? exc_general_protection+0x192/0x390\n[44376.407795] ? asm_exc_general_protection+0x22/0x30\n[44376.408292] ? mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.408876] __mlx5e_tc_del_fdb_peer_flow+0xbc/0xe0 [mlx5_core]\n[44376.409482] mlx5e_tc_del_flow+0x42/0x210 [mlx5_core]\n[44376.410055] mlx5e_flow_put+0x25/0x50 [mlx5_core]\n[44376.410529] mlx5e_delete_flower+0x24b/0x350 [mlx5_core]\n[44376.411043] tc_setup_cb_reoffload+0x22/0x80\n[44376.411462] fl_reoffload+0x261/0x2f0 [cls_flower]\n[44376.411907] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.412481] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.413044] tcf_block_playback_offloads+0x76/0x170\n[44376.413497] tcf_block_unbind+0x7b/0xd0\n[44376.413881] tcf_block_setup+0x17d/0x1c0\n[44376.414269] tcf_block_offload_cmd.isra.0+0xf1/0x130\n[44376.414725] tcf_block_offload_unbind+0x43/0x70\n[44376.415153] __tcf_block_put+0x82/0x150\n[44376.415532] ingress_destroy+0x22/0x30 [sch_ingress]\n[44376.415986] qdisc_destroy+0x3b/0xd0\n[44376.416343] qdisc_graft+0x4d0/0x620\n[44376.416706] tc_get_qdisc+0x1c9/0x3b0\n[44376.417074] rtnetlink_rcv_msg+0x29c/0x390\n[44376.419978] ? rep_movs_alternative+0x3a/0xa0\n[44376.420399] ? rtnl_calcit.isra.0+0x120/0x120\n[44376.420813] netlink_rcv_skb+0x54/0x100\n[44376.421192] netlink_unicast+0x1f6/0x2c0\n[44376.421573] netlink_sendmsg+0x232/0x4a0\n[44376.421980] sock_sendmsg+0x38/0x60\n[44376.422328] ____sys_sendmsg+0x1d0/0x1e0\n[44376.422709] ? copy_msghdr_from_user+0x6d/0xa0\n[44376.423127] ___sys_sendmsg+0x80/0xc0\n[44376.423495] ? ___sys_recvmsg+0x8b/0xc0\n[44376.423869] __sys_sendmsg+0x51/0x90\n[44376.424226] do_syscall_64+0x3d/0x90\n[44376.424587] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[44376.425046] RIP: 0033:0x7f045134f887\n[44376.425403] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53581",
"url": "https://www.suse.com/security/cve/CVE-2023-53581"
},
{
"category": "external",
"summary": "SUSE Bug 1251106 for CVE-2023-53581",
"url": "https://bugzilla.suse.com/1251106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53581"
},
{
"cve": "CVE-2023-53583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()\n\nSince commit 096b52fd2bb4 (\"perf: RISC-V: throttle perf events\") the\nperf_sample_event_took() function was added to report time spent in\noverflow interrupts. If the interrupt takes too long, the perf framework\nwill lower the sysctl_perf_event_sample_rate and max_samples_per_tick.\nWhen hwc-\u003einterrupts is larger than max_samples_per_tick, the\nhwc-\u003einterrupts will be set to MAX_INTERRUPTS, and events will be\nthrottled within the __perf_event_account_interrupt() function.\n\nHowever, the RISC-V PMU driver doesn\u0027t call riscv_pmu_stop() to update the\nPERF_HES_STOPPED flag after perf_event_overflow() in pmu_sbi_ovf_handler()\nfunction to avoid throttling. When the perf framework unthrottled the event\nin the timer interrupt handler, it triggers riscv_pmu_start() function\nand causes a WARN_ON_ONCE() warning, as shown below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 240 at drivers/perf/riscv_pmu.c:184 riscv_pmu_start+0x7c/0x8e\n Modules linked in:\n CPU: 0 PID: 240 Comm: ls Not tainted 6.4-rc4-g19d0788e9ef2 #1\n Hardware name: SiFive (DT)\n epc : riscv_pmu_start+0x7c/0x8e\n ra : riscv_pmu_start+0x28/0x8e\n epc : ffffffff80aef864 ra : ffffffff80aef810 sp : ffff8f80004db6f0\n gp : ffffffff81c83750 tp : ffffaf80069f9bc0 t0 : ffff8f80004db6c0\n t1 : 0000000000000000 t2 : 000000000000001f s0 : ffff8f80004db720\n s1 : ffffaf8008ca1068 a0 : 0000ffffffffffff a1 : 0000000000000000\n a2 : 0000000000000001 a3 : 0000000000000870 a4 : 0000000000000000\n a5 : 0000000000000000 a6 : 0000000000000840 a7 : 0000000000000030\n s2 : 0000000000000000 s3 : ffffaf8005165800 s4 : ffffaf800424da00\n s5 : ffffffffffffffff s6 : ffffffff81cc7590 s7 : 0000000000000000\n s8 : 0000000000000006 s9 : 0000000000000001 s10: ffffaf807efbc340\n s11: ffffaf807efbbf00 t3 : ffffaf8006a16028 t4 : 00000000dbfbb796\n t5 : 0000000700000000 t6 : ffffaf8005269870\n status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003\n [\u003cffffffff80aef864\u003e] riscv_pmu_start+0x7c/0x8e\n [\u003cffffffff80185b56\u003e] perf_adjust_freq_unthr_context+0x15e/0x174\n [\u003cffffffff80188642\u003e] perf_event_task_tick+0x88/0x9c\n [\u003cffffffff800626a8\u003e] scheduler_tick+0xfe/0x27c\n [\u003cffffffff800b5640\u003e] update_process_times+0x9a/0xba\n [\u003cffffffff800c5bd4\u003e] tick_sched_handle+0x32/0x66\n [\u003cffffffff800c5e0c\u003e] tick_sched_timer+0x64/0xb0\n [\u003cffffffff800b5e50\u003e] __hrtimer_run_queues+0x156/0x2f4\n [\u003cffffffff800b6bdc\u003e] hrtimer_interrupt+0xe2/0x1fe\n [\u003cffffffff80acc9e8\u003e] riscv_timer_interrupt+0x38/0x42\n [\u003cffffffff80090a16\u003e] handle_percpu_devid_irq+0x90/0x1d2\n [\u003cffffffff8008a9f4\u003e] generic_handle_domain_irq+0x28/0x36\n\nAfter referring other PMU drivers like Arm, Loongarch, Csky, and Mips,\nthey don\u0027t call *_pmu_stop() to update with PERF_HES_STOPPED flag\nafter perf_event_overflow() function nor do they add PERF_HES_STOPPED\nflag checking in *_pmu_start() which don\u0027t cause this warning.\n\nThus, it\u0027s recommended to remove this unnecessary check in\nriscv_pmu_start() function to prevent this warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53583",
"url": "https://www.suse.com/security/cve/CVE-2023-53583"
},
{
"category": "external",
"summary": "SUSE Bug 1251108 for CVE-2023-53583",
"url": "https://bugzilla.suse.com/1251108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53583"
},
{
"cve": "CVE-2023-53585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject unhashed sockets in bpf_sk_assign\n\nThe semantics for bpf_sk_assign are as follows:\n\n sk = some_lookup_func()\n bpf_sk_assign(skb, sk)\n bpf_sk_release(sk)\n\nThat is, the sk is not consumed by bpf_sk_assign. The function\ntherefore needs to make sure that sk lives long enough to be\nconsumed from __inet_lookup_skb. The path through the stack for a\nTCPv4 packet is roughly:\n\n netif_receive_skb_core: takes RCU read lock\n __netif_receive_skb_core:\n sch_handle_ingress:\n tcf_classify:\n bpf_sk_assign()\n deliver_ptype_list_skb:\n deliver_skb:\n ip_packet_type-\u003efunc == ip_rcv:\n ip_rcv_core:\n ip_rcv_finish_core:\n dst_input:\n ip_local_deliver:\n ip_local_deliver_finish:\n ip_protocol_deliver_rcu:\n tcp_v4_rcv:\n __inet_lookup_skb:\n skb_steal_sock\n\nThe existing helper takes advantage of the fact that everything\nhappens in the same RCU critical section: for sockets with\nSOCK_RCU_FREE set bpf_sk_assign never takes a reference.\nskb_steal_sock then checks SOCK_RCU_FREE again and does sock_put\nif necessary.\n\nThis approach assumes that SOCK_RCU_FREE is never set on a sk\nbetween bpf_sk_assign and skb_steal_sock, but this invariant is\nviolated by unhashed UDP sockets. A new UDP socket is created\nin TCP_CLOSE state but without SOCK_RCU_FREE set. That flag is only\nadded in udp_lib_get_port() which happens when a socket is bound.\n\nWhen bpf_sk_assign was added it wasn\u0027t possible to access unhashed\nUDP sockets from BPF, so this wasn\u0027t a problem. This changed\nin commit 0c48eefae712 (\"sock_map: Lift socket state restriction\nfor datagram sockets\"), but the helper wasn\u0027t adjusted accordingly.\nThe following sequence of events will therefore lead to a refcount\nleak:\n\n1. Add socket(AF_INET, SOCK_DGRAM) to a sockmap.\n2. Pull socket out of sockmap and bpf_sk_assign it. Since\n SOCK_RCU_FREE is not set we increment the refcount.\n3. bind() or connect() the socket, setting SOCK_RCU_FREE.\n4. skb_steal_sock will now set refcounted = false due to\n SOCK_RCU_FREE.\n5. tcp_v4_rcv() skips sock_put().\n\nFix the problem by rejecting unhashed sockets in bpf_sk_assign().\nThis matches the behaviour of __inet_lookup_skb which is ultimately\nthe goal of bpf_sk_assign().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53585",
"url": "https://www.suse.com/security/cve/CVE-2023-53585"
},
{
"category": "external",
"summary": "SUSE Bug 1251126 for CVE-2023-53585",
"url": "https://bugzilla.suse.com/1251126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53585"
},
{
"cve": "CVE-2023-53588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn\u0027t even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53588",
"url": "https://www.suse.com/security/cve/CVE-2023-53588"
},
{
"category": "external",
"summary": "SUSE Bug 1251206 for CVE-2023-53588",
"url": "https://bugzilla.suse.com/1251206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53588"
},
{
"cve": "CVE-2023-53593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Release folio lock on fscache read hit.\n\nUnder the current code, when cifs_readpage_worker is called, the call\ncontract is that the callee should unlock the page. This is documented\nin the read_folio section of Documentation/filesystems/vfs.rst as:\n\n\u003e The filesystem should unlock the folio once the read has completed,\n\u003e whether it was successful or not.\n\nWithout this change, when fscache is in use and cache hit occurs during\na read, the page lock is leaked, producing the following stack on\nsubsequent reads (via mmap) to the page:\n\n$ cat /proc/3890/task/12864/stack\n[\u003c0\u003e] folio_wait_bit_common+0x124/0x350\n[\u003c0\u003e] filemap_read_folio+0xad/0xf0\n[\u003c0\u003e] filemap_fault+0x8b1/0xab0\n[\u003c0\u003e] __do_fault+0x39/0x150\n[\u003c0\u003e] do_fault+0x25c/0x3e0\n[\u003c0\u003e] __handle_mm_fault+0x6ca/0xc70\n[\u003c0\u003e] handle_mm_fault+0xe9/0x350\n[\u003c0\u003e] do_user_addr_fault+0x225/0x6c0\n[\u003c0\u003e] exc_page_fault+0x84/0x1b0\n[\u003c0\u003e] asm_exc_page_fault+0x27/0x30\n\nThis requires a reboot to resolve; it is a deadlock.\n\nNote however that the call to cifs_readpage_from_fscache does mark the\npage clean, but does not free the folio lock. This happens in\n__cifs_readpage_from_fscache on success. Releasing the lock at that\npoint however is not appropriate as cifs_readahead also calls\ncifs_readpage_from_fscache and *does* unconditionally release the lock\nafter its return. This change therefore effectively makes\ncifs_readpage_worker work like cifs_readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53593",
"url": "https://www.suse.com/security/cve/CVE-2023-53593"
},
{
"category": "external",
"summary": "SUSE Bug 1251132 for CVE-2023-53593",
"url": "https://bugzilla.suse.com/1251132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53593"
},
{
"cve": "CVE-2023-53596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53596",
"url": "https://www.suse.com/security/cve/CVE-2023-53596"
},
{
"category": "external",
"summary": "SUSE Bug 1251161 for CVE-2023-53596",
"url": "https://bugzilla.suse.com/1251161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53596"
},
{
"cve": "CVE-2023-53597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix mid leak during reconnection after timeout threshold\n\nWhen the number of responses with status of STATUS_IO_TIMEOUT\nexceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect\nthe connection. But we do not return the mid, or the credits\nreturned for the mid, or reduce the number of in-flight requests.\n\nThis bug could result in the server-\u003ein_flight count to go bad,\nand also cause a leak in the mids.\n\nThis change moves the check to a few lines below where the\nresponse is decrypted, even of the response is read from the\ntransform header. This way, the code for returning the mids\ncan be reused.\n\nAlso, the cifs_reconnect was reconnecting just the transport\nconnection before. In case of multi-channel, this may not be\nwhat we want to do after several timeouts. Changed that to\nreconnect the session and the tree too.\n\nAlso renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name\nMAX_STATUS_IO_TIMEOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53597",
"url": "https://www.suse.com/security/cve/CVE-2023-53597"
},
{
"category": "external",
"summary": "SUSE Bug 1251159 for CVE-2023-53597",
"url": "https://bugzilla.suse.com/1251159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53597"
},
{
"cve": "CVE-2023-53599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq-\u003efirst_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq-\u003efirst_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req-\u003edst because req-\u003edst is set to the value of\nareq-\u003efirst_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn\u0027t set areq-\u003efirst_rsgl\nup.\n\nThis isn\u0027t a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req-\u003edst and only uses req-\u003esrc[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n [\u003c000003ff7fc3d47e\u003e] gcm_walk_start+0x16/0x28 [aes_s390]\n [\u003c00000000a2a342f2\u003e] crypto_aead_decrypt+0x9a/0xb8\n [\u003c00000000a2a60888\u003e] aead_recvmsg+0x478/0x698\n [\u003c00000000a2e519a0\u003e] sock_recvmsg+0x70/0xb0\n [\u003c00000000a2e51a56\u003e] sock_read_iter+0x76/0xa0\n [\u003c00000000a273e066\u003e] vfs_read+0x26e/0x2a8\n [\u003c00000000a273e8c4\u003e] ksys_read+0xbc/0x100\n [\u003c00000000a311d808\u003e] __do_syscall+0x1d0/0x1f8\n [\u003c00000000a312ff30\u003e] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [\u003c000003ff7fc3e6b4\u003e] gcm_aes_crypt+0x104/0xa68 [aes_s390]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53599",
"url": "https://www.suse.com/security/cve/CVE-2023-53599"
},
{
"category": "external",
"summary": "SUSE Bug 1251150 for CVE-2023-53599",
"url": "https://bugzilla.suse.com/1251150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53599"
},
{
"cve": "CVE-2023-53600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix kasan splat when generating ipv4 pmtu error\n\nIf we try to emit an icmp error in response to a nonliner skb, we get\n\nBUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220\nRead of size 4 at addr ffff88811c50db00 by task iperf3/1691\nCPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309\n[..]\n kasan_report+0x105/0x140\n ip_compute_csum+0x134/0x220\n iptunnel_pmtud_build_icmp+0x554/0x1020\n skb_tunnel_check_pmtu+0x513/0xb80\n vxlan_xmit_one+0x139e/0x2ef0\n vxlan_xmit+0x1867/0x2760\n dev_hard_start_xmit+0x1ee/0x4f0\n br_dev_queue_push_xmit+0x4d1/0x660\n [..]\n\nip_compute_csum() cannot deal with nonlinear skbs, so avoid it.\nAfter this change, splat is gone and iperf3 is no longer stuck.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53600",
"url": "https://www.suse.com/security/cve/CVE-2023-53600"
},
{
"category": "external",
"summary": "SUSE Bug 1251152 for CVE-2023-53600",
"url": "https://bugzilla.suse.com/1251152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53600"
},
{
"cve": "CVE-2023-53601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: do not assume skb mac_header is set\n\nDrivers must not assume in their ndo_start_xmit() that\nskbs have their mac_header set. skb-\u003edata is all what is needed.\n\nbonding seems to be one of the last offender as caught by syzbot:\n\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 __bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nModules linked in:\nCPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]\nRIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]\nRIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nRIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nRIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nRIP: 0010:__bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nRIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nCode: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe \u003c0f\u003e 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe\nRSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283\nRAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000\nRDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6\nRBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584\nR10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e\nR13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76\nFS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff8471a49f\u003e] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[\u003cffffffff8471a49f\u003e] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380\n[\u003cffffffff851d845b\u003e] dev_direct_xmit include/linux/netdevice.h:3043 [inline]\n[\u003cffffffff851d845b\u003e] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284\n[\u003cffffffff851c7472\u003e] packet_snd net/packet/af_packet.c:3112 [inline]\n[\u003cffffffff851c7472\u003e] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg_nosec net/socket.c:716 [inline]\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg net/socket.c:736 [inline]\n[\u003cffffffff8467a4b2\u003e] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[\u003cffffffff8467a715\u003e] __do_sys_sendto net/socket.c:2151 [inline]\n[\u003cffffffff8467a715\u003e] __se_sys_sendto net/socket.c:2147 [inline]\n[\u003cffffffff8467a715\u003e] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[\u003cffffffff8553071f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff8553071f\u003e] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[\u003cffffffff85600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53601",
"url": "https://www.suse.com/security/cve/CVE-2023-53601"
},
{
"category": "external",
"summary": "SUSE Bug 1251153 for CVE-2023-53601",
"url": "https://bugzilla.suse.com/1251153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53601"
},
{
"cve": "CVE-2023-53602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53602",
"url": "https://www.suse.com/security/cve/CVE-2023-53602"
},
{
"category": "external",
"summary": "SUSE Bug 1251076 for CVE-2023-53602",
"url": "https://bugzilla.suse.com/1251076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53602"
},
{
"cve": "CVE-2023-53603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Avoid fcport pointer dereference\n\nKlocwork reported warning of NULL pointer may be dereferenced. The routine\nexits when sa_ctl is NULL and fcport is allocated after the exit call thus\ncausing NULL fcport pointer to dereference at the time of exit.\n\nTo avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53603",
"url": "https://www.suse.com/security/cve/CVE-2023-53603"
},
{
"category": "external",
"summary": "SUSE Bug 1251180 for CVE-2023-53603",
"url": "https://bugzilla.suse.com/1251180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53603"
},
{
"cve": "CVE-2023-53611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi_si: fix a memleak in try_smi_init()\n\nKmemleak reported the following leak info in try_smi_init():\n\nunreferenced object 0xffff00018ecf9400 (size 1024):\n comm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\n backtrace:\n [\u003c000000004ca5b312\u003e] __kmalloc+0x4b8/0x7b0\n [\u003c00000000953b1072\u003e] try_smi_init+0x148/0x5dc [ipmi_si]\n [\u003c000000006460d325\u003e] 0xffff800081b10148\n [\u003c0000000039206ea5\u003e] do_one_initcall+0x64/0x2a4\n [\u003c00000000601399ce\u003e] do_init_module+0x50/0x300\n [\u003c000000003c12ba3c\u003e] load_module+0x7a8/0x9e0\n [\u003c00000000c246fffe\u003e] __se_sys_init_module+0x104/0x180\n [\u003c00000000eea99093\u003e] __arm64_sys_init_module+0x24/0x30\n [\u003c0000000021b1ef87\u003e] el0_svc_common.constprop.0+0x94/0x250\n [\u003c0000000070f4f8b7\u003e] do_el0_svc+0x48/0xe0\n [\u003c000000005a05337f\u003e] el0_svc+0x24/0x3c\n [\u003c000000005eb248d6\u003e] el0_sync_handler+0x160/0x164\n [\u003c0000000030a59039\u003e] el0_sync+0x160/0x180\n\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi-\u003esi_sm`, the variable wouldn\u0027t be freed in\nthe error handling afterwards since `shutdown_smi()` hadn\u0027t been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53611",
"url": "https://www.suse.com/security/cve/CVE-2023-53611"
},
{
"category": "external",
"summary": "SUSE Bug 1251123 for CVE-2023-53611",
"url": "https://bugzilla.suse.com/1251123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53611"
},
{
"cve": "CVE-2023-53613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: Fix dax_mapping_release() use after free\n\nA CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region\nprovider (like modprobe -r dax_hmem) yields:\n\n kobject: \u0027mapping0\u0027 (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000)\n [..]\n DEBUG_LOCKS_WARN_ON(1)\n WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260\n [..]\n RIP: 0010:__lock_acquire+0x9fc/0x2260\n [..]\n Call Trace:\n \u003cTASK\u003e\n [..]\n lock_acquire+0xd4/0x2c0\n ? ida_free+0x62/0x130\n _raw_spin_lock_irqsave+0x47/0x70\n ? ida_free+0x62/0x130\n ida_free+0x62/0x130\n dax_mapping_release+0x1f/0x30\n device_release+0x36/0x90\n kobject_delayed_cleanup+0x46/0x150\n\nDue to attempting ida_free() on an ida object that has already been\nfreed. Devices typically only hold a reference on their parent while\nregistered. If a child needs a parent object to complete its release it\nneeds to hold a reference that it drops from its release callback.\nArrange for a dax_mapping to pin its parent dev_dax instance until\ndax_mapping_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53613",
"url": "https://www.suse.com/security/cve/CVE-2023-53613"
},
{
"category": "external",
"summary": "SUSE Bug 1251119 for CVE-2023-53613",
"url": "https://bugzilla.suse.com/1251119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53613"
},
{
"cve": "CVE-2023-53615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here\u0027s the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53615",
"url": "https://www.suse.com/security/cve/CVE-2023-53615"
},
{
"category": "external",
"summary": "SUSE Bug 1251113 for CVE-2023-53615",
"url": "https://bugzilla.suse.com/1251113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53615"
},
{
"cve": "CVE-2023-53616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix invalid free of JFS_IP(ipimap)-\u003ei_imap in diUnmount\n\nsyzbot found an invalid-free in diUnmount:\n\nBUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674\nFree of addr ffff88806f410000 by task syz-executor131/3632\n\n CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1724 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750\n slab_free mm/slub.c:3661 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3674\n diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195\n jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1428\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1186\n task_work_run+0x243/0x300 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x664/0x2070 kernel/exit.c:820\n do_group_exit+0x1fd/0x2b0 kernel/exit.c:950\n __do_sys_exit_group kernel/exit.c:961 [inline]\n __se_sys_exit_group kernel/exit.c:959 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_IP(ipimap)-\u003ei_imap is not setting to NULL after free in diUnmount.\nIf jfs_remount() free JFS_IP(ipimap)-\u003ei_imap but then failed at diMount().\nJFS_IP(ipimap)-\u003ei_imap will be freed once again.\nFix this problem by setting JFS_IP(ipimap)-\u003ei_imap to NULL after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53616",
"url": "https://www.suse.com/security/cve/CVE-2023-53616"
},
{
"category": "external",
"summary": "SUSE Bug 1251215 for CVE-2023-53616",
"url": "https://bugzilla.suse.com/1251215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53616"
},
{
"cve": "CVE-2023-53617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: socinfo: Add kfree for kstrdup\n\nAdd kfree() in the later error handling in order to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53617",
"url": "https://www.suse.com/security/cve/CVE-2023-53617"
},
{
"category": "external",
"summary": "SUSE Bug 1251268 for CVE-2023-53617",
"url": "https://bugzilla.suse.com/1251268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53617"
},
{
"cve": "CVE-2023-53618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject invalid reloc tree root keys with stack dump\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\nThat ASSERT() makes sure the reloc tree is properly pointed back by its\nsubvolume tree.\n\n[CAUSE]\nAfter more debugging output, it turns out we had an invalid reloc tree:\n\n BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17\n\nNote the above root key is (TREE_RELOC_OBJECTID, ROOT_ITEM,\nQUOTA_TREE_OBJECTID), meaning it\u0027s a reloc tree for quota tree.\n\nBut reloc trees can only exist for subvolumes, as for non-subvolume\ntrees, we just COW the involved tree block, no need to create a reloc\ntree since those tree blocks won\u0027t be shared with other trees.\n\nOnly subvolumes tree can share tree blocks with other trees (thus they\nhave BTRFS_ROOT_SHAREABLE flag).\n\nThus this new debug output proves my previous assumption that corrupted\non-disk data can trigger that ASSERT().\n\n[FIX]\nBesides the dedicated fix and the graceful exit, also let tree-checker to\ncheck such root keys, to make sure reloc trees can only exist for subvolumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53618",
"url": "https://www.suse.com/security/cve/CVE-2023-53618"
},
{
"category": "external",
"summary": "SUSE Bug 1251748 for CVE-2023-53618",
"url": "https://bugzilla.suse.com/1251748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53618"
},
{
"cve": "CVE-2023-53619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53619",
"url": "https://www.suse.com/security/cve/CVE-2023-53619"
},
{
"category": "external",
"summary": "SUSE Bug 1251743 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "external",
"summary": "SUSE Bug 1251745 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53619"
},
{
"cve": "CVE-2023-53621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcontrol: ensure memcg acquired by id is properly set up\n\nIn the eviction recency check, we attempt to retrieve the memcg to which\nthe folio belonged when it was evicted, by the memcg id stored in the\nshadow entry. However, there is a chance that the retrieved memcg is not\nthe original memcg that has been killed, but a new one which happens to\nhave the same id.\n\nThis is a somewhat unfortunate, but acceptable and rare inaccuracy in the\nheuristics. However, if we retrieve this new memcg between its allocation\nand when it is properly attached to the memcg hierarchy, we could run into\nthe following NULL pointer exception during the memcg hierarchy traversal\ndone in mem_cgroup_get_nr_swap_pages():\n\n[ 155757.793456] BUG: kernel NULL pointer dereference, address: 00000000000000c0\n[ 155757.807568] #PF: supervisor read access in kernel mode\n[ 155757.818024] #PF: error_code(0x0000) - not-present page\n[ 155757.828482] PGD 401f77067 P4D 401f77067 PUD 401f76067 PMD 0\n[ 155757.839985] Oops: 0000 [#1] SMP\n[ 155757.887870] RIP: 0010:mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155757.899377] Code: 29 19 4a 02 48 39 f9 74 63 48 8b 97 c0 00 00 00 48 8b b7 58 02 00 00 48 2b b7 c0 01 00 00 48 39 f0 48 0f 4d c6 48 39 d1 74 42 \u003c48\u003e 8b b2 c0 00 00 00 48 8b ba 58 02 00 00 48 2b ba c0 01 00 00 48\n[ 155757.937125] RSP: 0018:ffffc9002ecdfbc8 EFLAGS: 00010286\n[ 155757.947755] RAX: 00000000003a3b1c RBX: 000007ffffffffff RCX: ffff888280183000\n[ 155757.962202] RDX: 0000000000000000 RSI: 0007ffffffffffff RDI: ffff888bbc2d1000\n[ 155757.976648] RBP: 0000000000000001 R08: 000000000000000b R09: ffff888ad9cedba0\n[ 155757.991094] R10: ffffea0039c07900 R11: 0000000000000010 R12: ffff888b23a7b000\n[ 155758.005540] R13: 0000000000000000 R14: ffff888bbc2d1000 R15: 000007ffffc71354\n[ 155758.019991] FS: 00007f6234c68640(0000) GS:ffff88903f9c0000(0000) knlGS:0000000000000000\n[ 155758.036356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 155758.048023] CR2: 00000000000000c0 CR3: 0000000a83eb8004 CR4: 00000000007706e0\n[ 155758.062473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 155758.076924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 155758.091376] PKRU: 55555554\n[ 155758.096957] Call Trace:\n[ 155758.102016] \u003cTASK\u003e\n[ 155758.106502] ? __die+0x78/0xc0\n[ 155758.112793] ? page_fault_oops+0x286/0x380\n[ 155758.121175] ? exc_page_fault+0x5d/0x110\n[ 155758.129209] ? asm_exc_page_fault+0x22/0x30\n[ 155758.137763] ? mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155758.148060] workingset_test_recent+0xda/0x1b0\n[ 155758.157133] workingset_refault+0xca/0x1e0\n[ 155758.165508] filemap_add_folio+0x4d/0x70\n[ 155758.173538] page_cache_ra_unbounded+0xed/0x190\n[ 155758.182919] page_cache_sync_ra+0xd6/0x1e0\n[ 155758.191738] filemap_read+0x68d/0xdf0\n[ 155758.199495] ? mlx5e_napi_poll+0x123/0x940\n[ 155758.207981] ? __napi_schedule+0x55/0x90\n[ 155758.216095] __x64_sys_pread64+0x1d6/0x2c0\n[ 155758.224601] do_syscall_64+0x3d/0x80\n[ 155758.232058] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 155758.242473] RIP: 0033:0x7f62c29153b5\n[ 155758.249938] Code: e8 48 89 75 f0 89 7d f8 48 89 4d e0 e8 b4 e6 f7 ff 41 89 c0 4c 8b 55 e0 48 8b 55 e8 48 8b 75 f0 8b 7d f8 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 e7 e6 f7 ff 48 8b\n[ 155758.288005] RSP: 002b:00007f6234c5ffd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 155758.303474] RAX: ffffffffffffffda RBX: 00007f628c4e70c0 RCX: 00007f62c29153b5\n[ 155758.318075] RDX: 000000000003c041 RSI: 00007f61d2986000 RDI: 0000000000000076\n[ 155758.332678] RBP: 00007f6234c5fff0 R08: 0000000000000000 R09: 0000000064d5230c\n[ 155758.347452] R10: 000000000027d450 R11: 0000000000000293 R12: 000000000003c041\n[ 155758.362044] R13: 00007f61d2986000 R14: 00007f629e11b060 R15: 000000000027d450\n[ 155758.376661] \u003c/TASK\u003e\n\nThis patch fixes the issue by moving the memcg\u0027s id publication from the\nalloc stage to \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53621",
"url": "https://www.suse.com/security/cve/CVE-2023-53621"
},
{
"category": "external",
"summary": "SUSE Bug 1251323 for CVE-2023-53621",
"url": "https://bugzilla.suse.com/1251323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53621"
},
{
"cve": "CVE-2023-53622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix possible data races in gfs2_show_options()\n\nSome fields such as gt_logd_secs of the struct gfs2_tune are accessed\nwithout holding the lock gt_spin in gfs2_show_options():\n\n val = sdp-\u003esd_tune.gt_logd_secs;\n if (val != 30)\n seq_printf(s, \",commit=%d\", val);\n\nAnd thus can cause data races when gfs2_show_options() and other functions\nsuch as gfs2_reconfigure() are concurrently executed:\n\n spin_lock(\u0026gt-\u003egt_spin);\n gt-\u003egt_logd_secs = newargs-\u003ear_commit;\n\nTo fix these possible data races, the lock sdp-\u003esd_tune.gt_spin is\nacquired before accessing the fields of gfs2_tune and released after these\naccesses.\n\nFurther changes by Andreas:\n\n- Don\u0027t hold the spin lock over the seq_printf operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53622",
"url": "https://www.suse.com/security/cve/CVE-2023-53622"
},
{
"category": "external",
"summary": "SUSE Bug 1251777 for CVE-2023-53622",
"url": "https://bugzilla.suse.com/1251777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53622"
},
{
"cve": "CVE-2023-53631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-sysman: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(),\na reference to that attribute is returned. This means\nthat we need to dispose it accordingly. Use kobject_put()\nto dispose the duplicate attribute in such a case.\n\nCompile-tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53631",
"url": "https://www.suse.com/security/cve/CVE-2023-53631"
},
{
"category": "external",
"summary": "SUSE Bug 1251529 for CVE-2023-53631",
"url": "https://bugzilla.suse.com/1251529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53631"
},
{
"cve": "CVE-2023-53632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take RTNL lock when needed before calling xdp_set_features()\n\nHold RTNL lock when calling xdp_set_features() with a registered netdev,\nas the call triggers the netdev notifiers. This could happen when\nswitching from uplink rep to nic profile for example.\n\nThis resolves the following call trace:\n\nRTNL: assertion failed at net/core/dev.c (1953)\nWARNING: CPU: 6 PID: 112670 at net/core/dev.c:1953 call_netdevice_notifiers_info+0x7c/0x80\nModules linked in: sch_mqprio sch_mqprio_lib act_tunnel_key act_mirred act_skbedit cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress bonding ib_umad ip_gre rdma_ucm mlx5_vfio_pci ipip tunnel4 ip6_gre gre mlx5_ib vfio_pci vfio_pci_core vfio_iommu_type1 ib_uverbs vfio mlx5_core ib_ipoib geneve nf_tables ip6_tunnel tunnel6 iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\nCPU: 6 PID: 112670 Comm: devlink Not tainted 6.4.0-rc7_for_upstream_min_debug_2023_06_28_17_02 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:call_netdevice_notifiers_info+0x7c/0x80\nCode: 90 ff 80 3d 2d 6b f7 00 00 75 c5 ba a1 07 00 00 48 c7 c6 e4 ce 0b 82 48 c7 c7 c8 f4 04 82 c6 05 11 6b f7 00 01 e8 a4 7c 8e ff \u003c0f\u003e 0b eb a2 0f 1f 44 00 00 55 48 89 e5 41 54 48 83 e4 f0 48 83 ec\nRSP: 0018:ffff8882a21c3948 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff82e6f880 RCX: 0000000000000027\nRDX: ffff88885f99b5c8 RSI: 0000000000000001 RDI: ffff88885f99b5c0\nRBP: 0000000000000028 R08: ffff88887ffabaa8 R09: 0000000000000003\nR10: ffff88887fecbac0 R11: ffff88887ff7bac0 R12: ffff8882a21c3968\nR13: ffff88811c018940 R14: 0000000000000000 R15: ffff8881274401a0\nFS: 00007fe141c81800(0000) GS:ffff88885f980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f787c28b948 CR3: 000000014bcf3005 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x79/0x120\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? report_bug+0x17c/0x190\n ? handle_bug+0x3c/0x60\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? call_netdevice_notifiers_info+0x7c/0x80\n call_netdevice_notifiers+0x2e/0x50\n mlx5e_set_xdp_feature+0x21/0x50 [mlx5_core]\n mlx5e_nic_init+0xf1/0x1a0 [mlx5_core]\n mlx5e_netdev_init_profile+0x76/0x110 [mlx5_core]\n mlx5e_netdev_attach_profile+0x1f/0x90 [mlx5_core]\n mlx5e_netdev_change_profile+0x92/0x160 [mlx5_core]\n mlx5e_netdev_attach_nic_profile+0x1b/0x30 [mlx5_core]\n mlx5e_vport_rep_unload+0xaa/0xc0 [mlx5_core]\n __esw_offloads_unload_rep+0x52/0x60 [mlx5_core]\n mlx5_esw_offloads_rep_unload+0x52/0x70 [mlx5_core]\n esw_offloads_unload_rep+0x34/0x70 [mlx5_core]\n esw_offloads_disable+0x2b/0x90 [mlx5_core]\n mlx5_eswitch_disable_locked+0x1b9/0x210 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0xf5/0x630 [mlx5_core]\n ? devlink_get_from_attrs_lock+0x9e/0x110\n devlink_nl_cmd_eswitch_set_doit+0x60/0xe0\n genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n genl_rcv_msg+0x17d/0x2b0\n ? devlink_get_from_attrs_lock+0x110/0x110\n ? devlink_nl_cmd_eswitch_get_doit+0x290/0x290\n ? devlink_pernet_pre_exit+0xf0/0xf0\n ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1f6/0x2c0\n netlink_sendmsg+0x232/0x4a0\n sock_sendmsg+0x38/0x60\n ? _copy_from_user+0x2a/0x60\n __sys_sendto+0x110/0x160\n ? __count_memcg_events+0x48/0x90\n ? handle_mm_fault+0x161/0x260\n ? do_user_addr_fault+0x278/0x6e0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53632",
"url": "https://www.suse.com/security/cve/CVE-2023-53632"
},
{
"category": "external",
"summary": "SUSE Bug 1251269 for CVE-2023-53632",
"url": "https://bugzilla.suse.com/1251269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53632"
},
{
"cve": "CVE-2023-53633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix a leak in map_user_pages()\n\nIf get_user_pages_fast() allocates some pages but not as many as we\nwanted, then the current code leaks those pages. Call put_page() on\nthe pages before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53633",
"url": "https://www.suse.com/security/cve/CVE-2023-53633"
},
{
"category": "external",
"summary": "SUSE Bug 1251746 for CVE-2023-53633",
"url": "https://bugzilla.suse.com/1251746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53633"
},
{
"cve": "CVE-2023-53638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: cancel queued works in probe error path\n\nIf it fails to get the devices\u0027s MAC address, octep_probe exits while\nleaving the delayed work intr_poll_task queued. When the work later\nruns, it\u0027s a use after free.\n\nMove the cancelation of intr_poll_task from octep_remove into\noctep_device_cleanup. This does not change anything in the octep_remove\nflow, but octep_device_cleanup is called also in the octep_probe error\npath, where the cancelation is needed.\n\nNote that the cancelation of ctrl_mbox_task has to follow\nintr_poll_task\u0027s, because the ctrl_mbox_task may be queued by\nintr_poll_task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53638",
"url": "https://www.suse.com/security/cve/CVE-2023-53638"
},
{
"category": "external",
"summary": "SUSE Bug 1251328 for CVE-2023-53638",
"url": "https://bugzilla.suse.com/1251328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53638"
},
{
"cve": "CVE-2023-53645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53645"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make bpf_refcount_acquire fallible for non-owning refs\n\nThis patch fixes an incorrect assumption made in the original\nbpf_refcount series [0], specifically that the BPF program calling\nbpf_refcount_acquire on some node can always guarantee that the node is\nalive. In that series, the patch adding failure behavior to rbtree_add\nand list_push_{front, back} breaks this assumption for non-owning\nreferences.\n\nConsider the following program:\n\n n = bpf_kptr_xchg(\u0026mapval, NULL);\n /* skip error checking */\n\n bpf_spin_lock(\u0026l);\n if(bpf_rbtree_add(\u0026t, \u0026n-\u003erb, less)) {\n bpf_refcount_acquire(n);\n /* Failed to add, do something else with the node */\n }\n bpf_spin_unlock(\u0026l);\n\nIt\u0027s incorrect to assume that bpf_refcount_acquire will always succeed in this\nscenario. bpf_refcount_acquire is being called in a critical section\nhere, but the lock being held is associated with rbtree t, which isn\u0027t\nnecessarily the lock associated with the tree that the node is already\nin. So after bpf_rbtree_add fails to add the node and calls bpf_obj_drop\nin it, the program has no ownership of the node\u0027s lifetime. Therefore\nthe node\u0027s refcount can be decr\u0027d to 0 at any time after the failing\nrbtree_add. If this happens before the refcount_acquire above, the node\nmight be free\u0027d, and regardless refcount_acquire will be incrementing a\n0 refcount.\n\nLater patches in the series exercise this scenario, resulting in the\nexpected complaint from the kernel (without this patch\u0027s changes):\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 207 at lib/refcount.c:25 refcount_warn_saturate+0xbc/0x110\n Modules linked in: bpf_testmod(O)\n CPU: 1 PID: 207 Comm: test_progs Tainted: G O 6.3.0-rc7-02231-g723de1a718a2-dirty #371\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n RIP: 0010:refcount_warn_saturate+0xbc/0x110\n Code: 6f 64 f6 02 01 e8 84 a3 5c ff 0f 0b eb 9d 80 3d 5e 64 f6 02 00 75 94 48 c7 c7 e0 13 d2 82 c6 05 4e 64 f6 02 01 e8 64 a3 5c ff \u003c0f\u003e 0b e9 7a ff ff ff 80 3d 38 64 f6 02 00 0f 85 6d ff ff ff 48 c7\n RSP: 0018:ffff88810b9179b0 EFLAGS: 00010082\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000202 RSI: 0000000000000008 RDI: ffffffff857c3680\n RBP: ffff88810027d3c0 R08: ffffffff8125f2a4 R09: ffff88810b9176e7\n R10: ffffed1021722edc R11: 746e756f63666572 R12: ffff88810027d388\n R13: ffff88810027d3c0 R14: ffffc900005fe030 R15: ffffc900005fe048\n FS: 00007fee0584a700(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005634a96f6c58 CR3: 0000000108ce9002 CR4: 0000000000770ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n bpf_refcount_acquire_impl+0xb5/0xc0\n\n (rest of output snipped)\n\nThe patch addresses this by changing bpf_refcount_acquire_impl to use\nrefcount_inc_not_zero instead of refcount_inc and marking\nbpf_refcount_acquire KF_RET_NULL.\n\nFor owning references, though, we know the above scenario is not possible\nand thus that bpf_refcount_acquire will always succeed. Some verifier\nbookkeeping is added to track \"is input owning ref?\" for bpf_refcount_acquire\ncalls and return false from is_kfunc_ret_null for bpf_refcount_acquire on\nowning refs despite it being marked KF_RET_NULL.\n\nExisting selftests using bpf_refcount_acquire are modified where\nnecessary to NULL-check its return value.\n\n [0]: https://lore.kernel.org/bpf/20230415201811.343116-1-davemarchevsky@fb.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53645",
"url": "https://www.suse.com/security/cve/CVE-2023-53645"
},
{
"category": "external",
"summary": "SUSE Bug 1251321 for CVE-2023-53645",
"url": "https://bugzilla.suse.com/1251321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53645"
},
{
"cve": "CVE-2023-53646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/perf: add sentinel to xehp_oa_b_counters\n\nArrays passed to reg_in_range_table should end with empty record.\n\nThe patch solves KASAN detected bug with signature:\nBUG: KASAN: global-out-of-bounds in xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\nRead of size 4 at addr ffffffffa1555d90 by task perf/1518\n\nCPU: 4 PID: 1518 Comm: perf Tainted: G U 6.4.0-kasan_438-g3303d06107f3+ #1\nHardware name: Intel Corporation Meteor Lake Client Platform/MTL-P DDR5 SODIMM SBS RVP, BIOS MTLPFWI1.R00.3223.D80.2305311348 05/31/2023\nCall Trace:\n\u003cTASK\u003e\n...\nxehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\n\n(cherry picked from commit 2f42c5afb34b5696cf5fe79e744f99be9b218798)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53646",
"url": "https://www.suse.com/security/cve/CVE-2023-53646"
},
{
"category": "external",
"summary": "SUSE Bug 1251742 for CVE-2023-53646",
"url": "https://bugzilla.suse.com/1251742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53646"
},
{
"cve": "CVE-2023-53647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53647",
"url": "https://www.suse.com/security/cve/CVE-2023-53647"
},
{
"category": "external",
"summary": "SUSE Bug 1251732 for CVE-2023-53647",
"url": "https://bugzilla.suse.com/1251732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53647"
},
{
"cve": "CVE-2023-53648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53648",
"url": "https://www.suse.com/security/cve/CVE-2023-53648"
},
{
"category": "external",
"summary": "SUSE Bug 1251750 for CVE-2023-53648",
"url": "https://bugzilla.suse.com/1251750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53648"
},
{
"cve": "CVE-2023-53649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53649"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf trace: Really free the evsel-\u003epriv area\n\nIn 3cb4d5e00e037c70 (\"perf trace: Free syscall tp fields in\nevsel-\u003epriv\") it only was freeing if strcmp(evsel-\u003etp_format-\u003esystem,\n\"syscalls\") returned zero, while the corresponding initialization of\nevsel-\u003epriv was being performed if it was _not_ zero, i.e. if the tp\nsystem wasn\u0027t \u0027syscalls\u0027.\n\nJust stop looking for that and free it if evsel-\u003epriv was set, which\nshould be equivalent.\n\nAlso use the pre-existing evsel_trace__delete() function.\n\nThis resolves these leaks, detected with:\n\n $ make EXTRA_CFLAGS=\"-fsanitize=address\" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin\n\n =================================================================\n ==481565==ERROR: LeakSanitizer: detected memory leaks\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212\n #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205\n #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).\n [root@quaco ~]#\n\nWith this we plug all leaks with \"perf trace sleep 1\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53649",
"url": "https://www.suse.com/security/cve/CVE-2023-53649"
},
{
"category": "external",
"summary": "SUSE Bug 1251749 for CVE-2023-53649",
"url": "https://bugzilla.suse.com/1251749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53649"
},
{
"cve": "CVE-2023-53650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf \u0027mipid_detect()\u0027 fails, we must free \u0027md\u0027 to avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53650",
"url": "https://www.suse.com/security/cve/CVE-2023-53650"
},
{
"category": "external",
"summary": "SUSE Bug 1251283 for CVE-2023-53650",
"url": "https://bugzilla.suse.com/1251283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53650"
},
{
"cve": "CVE-2023-53652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add features attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa features attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53652",
"url": "https://www.suse.com/security/cve/CVE-2023-53652"
},
{
"category": "external",
"summary": "SUSE Bug 1251754 for CVE-2023-53652",
"url": "https://bugzilla.suse.com/1251754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53652"
},
{
"cve": "CVE-2023-53653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: fix REVERSE_INULL issues reported by coverity\n\nnull-checking of a pointor is suggested before dereferencing it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53653",
"url": "https://www.suse.com/security/cve/CVE-2023-53653"
},
{
"category": "external",
"summary": "SUSE Bug 1251755 for CVE-2023-53653",
"url": "https://bugzilla.suse.com/1251755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53653"
},
{
"cve": "CVE-2023-53654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53654",
"url": "https://www.suse.com/security/cve/CVE-2023-53654"
},
{
"category": "external",
"summary": "SUSE Bug 1251756 for CVE-2023-53654",
"url": "https://bugzilla.suse.com/1251756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53654"
},
{
"cve": "CVE-2023-53656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: Don\u0027t migrate perf to the CPU going to teardown\n\nThe driver needs to migrate the perf context if the current using CPU going\nto teardown. By the time calling the cpuhp::teardown() callback the\ncpu_online_mask() hasn\u0027t updated yet and still includes the CPU going to\nteardown. In current driver\u0027s implementation we may migrate the context\nto the teardown CPU and leads to the below calltrace:\n\n...\n[ 368.104662][ T932] task:cpuhp/0 state:D stack: 0 pid: 15 ppid: 2 flags:0x00000008\n[ 368.113699][ T932] Call trace:\n[ 368.116834][ T932] __switch_to+0x7c/0xbc\n[ 368.120924][ T932] __schedule+0x338/0x6f0\n[ 368.125098][ T932] schedule+0x50/0xe0\n[ 368.128926][ T932] schedule_preempt_disabled+0x18/0x24\n[ 368.134229][ T932] __mutex_lock.constprop.0+0x1d4/0x5dc\n[ 368.139617][ T932] __mutex_lock_slowpath+0x1c/0x30\n[ 368.144573][ T932] mutex_lock+0x50/0x60\n[ 368.148579][ T932] perf_pmu_migrate_context+0x84/0x2b0\n[ 368.153884][ T932] hisi_pcie_pmu_offline_cpu+0x90/0xe0 [hisi_pcie_pmu]\n[ 368.160579][ T932] cpuhp_invoke_callback+0x2a0/0x650\n[ 368.165707][ T932] cpuhp_thread_fun+0xe4/0x190\n[ 368.170316][ T932] smpboot_thread_fn+0x15c/0x1a0\n[ 368.175099][ T932] kthread+0x108/0x13c\n[ 368.179012][ T932] ret_from_fork+0x10/0x18\n...\n\nUse function cpumask_any_but() to find one correct active cpu to fixes\nthis issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53656",
"url": "https://www.suse.com/security/cve/CVE-2023-53656"
},
{
"category": "external",
"summary": "SUSE Bug 1251758 for CVE-2023-53656",
"url": "https://bugzilla.suse.com/1251758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53656"
},
{
"cve": "CVE-2023-53657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53657"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53657",
"url": "https://www.suse.com/security/cve/CVE-2023-53657"
},
{
"category": "external",
"summary": "SUSE Bug 1251319 for CVE-2023-53657",
"url": "https://bugzilla.suse.com/1251319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53657"
},
{
"cve": "CVE-2023-53658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm-qspi: return error if neither hif_mspi nor mspi is available\n\nIf neither a \"hif_mspi\" nor \"mspi\" resource is present, the driver will\njust early exit in probe but still return success. Apart from not doing\nanything meaningful, this would then also lead to a null pointer access\non removal, as platform_get_drvdata() would return NULL, which it would\nthen try to dereference when trying to unregister the spi master.\n\nFix this by unconditionally calling devm_ioremap_resource(), as it can\nhandle a NULL res and will then return a viable ERR_PTR() if we get one.\n\nThe \"return 0;\" was previously a \"goto qspi_resource_err;\" where then\nret was returned, but since ret was still initialized to 0 at this place\nthis was a valid conversion in 63c5395bb7a9 (\"spi: bcm-qspi: Fix\nuse-after-free on unbind\"). The issue was not introduced by this commit,\nonly made more obvious.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53658",
"url": "https://www.suse.com/security/cve/CVE-2023-53658"
},
{
"category": "external",
"summary": "SUSE Bug 1251759 for CVE-2023-53658",
"url": "https://bugzilla.suse.com/1251759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53658"
},
{
"cve": "CVE-2023-53659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix out-of-bounds when setting channels on remove\n\nIf we set channels greater during iavf_remove(), and waiting reset done\nwould be timeout, then returned with error but changed num_active_queues\ndirectly, that will lead to OOB like the following logs. Because the\nnum_active_queues is greater than tx/rx_rings[] allocated actually.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 3506.152887] iavf 0000:41:02.0: Removing device\n[ 3510.400799] ==================================================================\n[ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536\n[ 3510.400823]\n[ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 3510.400835] Call Trace:\n[ 3510.400851] dump_stack+0x71/0xab\n[ 3510.400860] print_address_description+0x6b/0x290\n[ 3510.400865] ? iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400868] kasan_report+0x14a/0x2b0\n[ 3510.400873] iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400880] iavf_remove+0x2b6/0xc70 [iavf]\n[ 3510.400884] ? iavf_free_all_rx_resources+0x160/0x160 [iavf]\n[ 3510.400891] ? wait_woken+0x1d0/0x1d0\n[ 3510.400895] ? notifier_call_chain+0xc1/0x130\n[ 3510.400903] pci_device_remove+0xa8/0x1f0\n[ 3510.400910] device_release_driver_internal+0x1c6/0x460\n[ 3510.400916] pci_stop_bus_device+0x101/0x150\n[ 3510.400919] pci_stop_and_remove_bus_device+0xe/0x20\n[ 3510.400924] pci_iov_remove_virtfn+0x187/0x420\n[ 3510.400927] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 3510.400929] ? pci_get_subsys+0x90/0x90\n[ 3510.400932] sriov_disable+0xed/0x3e0\n[ 3510.400936] ? bus_find_device+0x12d/0x1a0\n[ 3510.400953] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 3510.400966] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 3510.400968] ? pci_get_device+0x7c/0x90\n[ 3510.400970] ? pci_get_subsys+0x90/0x90\n[ 3510.400982] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 3510.400987] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.400996] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 3510.401001] sriov_numvfs_store+0x214/0x290\n[ 3510.401005] ? sriov_totalvfs_show+0x30/0x30\n[ 3510.401007] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.401011] ? __check_object_size+0x15a/0x350\n[ 3510.401018] kernfs_fop_write+0x280/0x3f0\n[ 3510.401022] vfs_write+0x145/0x440\n[ 3510.401025] ksys_write+0xab/0x160\n[ 3510.401028] ? __ia32_sys_read+0xb0/0xb0\n[ 3510.401031] ? fput_many+0x1a/0x120\n[ 3510.401032] ? filp_close+0xf0/0x130\n[ 3510.401038] do_syscall_64+0xa0/0x370\n[ 3510.401041] ? page_fault+0x8/0x30\n[ 3510.401043] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 3510.401073] RIP: 0033:0x7f3a9bb842c0\n[ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53659",
"url": "https://www.suse.com/security/cve/CVE-2023-53659"
},
{
"category": "external",
"summary": "SUSE Bug 1251247 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "external",
"summary": "SUSE Bug 1251248 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2023-53659"
},
{
"cve": "CVE-2023-53660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Handle skb as well when clean up ptr_ring\n\nThe following warning was reported when running xdp_redirect_cpu with\nboth skb-mode and stress-mode enabled:\n\n ------------[ cut here ]------------\n Incorrect XDP memory type (-2128176192) usage\n WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405\n Modules linked in:\n CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events __cpu_map_entry_free\n RIP: 0010:__xdp_return+0x1e4/0x4a0\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ? __xdp_return+0x1e4/0x4a0\n ......\n xdp_return_frame+0x4d/0x150\n __cpu_map_entry_free+0xf9/0x230\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe reason for the warning is twofold. One is due to the kthread\ncpu_map_kthread_run() is stopped prematurely. Another one is\n__cpu_map_ring_cleanup() doesn\u0027t handle skb mode and treats skbs in\nptr_ring as XDP frames.\n\nPrematurely-stopped kthread will be fixed by the preceding patch and\nptr_ring will be empty when __cpu_map_ring_cleanup() is called. But\nas the comments in __cpu_map_ring_cleanup() said, handling and freeing\nskbs in ptr_ring as well to \"catch any broken behaviour gracefully\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53660",
"url": "https://www.suse.com/security/cve/CVE-2023-53660"
},
{
"category": "external",
"summary": "SUSE Bug 1251721 for CVE-2023-53660",
"url": "https://bugzilla.suse.com/1251721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53660"
},
{
"cve": "CVE-2023-53662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}\n\nIf the filename casefolding fails, we\u0027ll be leaking memory from the\nfscrypt_name struct, namely from the \u0027crypto_buf.name\u0027 member.\n\nMake sure we free it in the error path on both ext4_fname_setup_filename()\nand ext4_fname_prepare_lookup() functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53662",
"url": "https://www.suse.com/security/cve/CVE-2023-53662"
},
{
"category": "external",
"summary": "SUSE Bug 1251282 for CVE-2023-53662",
"url": "https://bugzilla.suse.com/1251282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53662"
},
{
"cve": "CVE-2023-53663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Check instead of asserting on nested TSC scaling support\n\nCheck for nested TSC scaling support on nested SVM VMRUN instead of\nasserting that TSC scaling is exposed to L1 if L1\u0027s MSR_AMD64_TSC_RATIO\nhas diverged from KVM\u0027s default. Userspace can trigger the WARN at will\nby writing the MSR and then updating guest CPUID to hide the feature\n(modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking\nKVM\u0027s state_test selftest to do\n\n\t\tvcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n\t\tvcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699\n nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]\n Call Trace:\n \u003cTASK\u003e\n enter_svm_guest_mode+0x114/0x560 [kvm_amd]\n nested_svm_vmrun+0x260/0x330 [kvm_amd]\n vmrun_interception+0x29/0x30 [kvm_amd]\n svm_invoke_exit_handler+0x35/0x100 [kvm_amd]\n svm_handle_exit+0xe7/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x45ca1b\n\nNote, the nested #VMEXIT path has the same flaw, but needs a different\nfix and will be handled separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53663",
"url": "https://www.suse.com/security/cve/CVE-2023-53663"
},
{
"category": "external",
"summary": "SUSE Bug 1251290 for CVE-2023-53663",
"url": "https://bugzilla.suse.com/1251290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53663"
},
{
"cve": "CVE-2023-53665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: don\u0027t dereference mddev after export_rdev()\n\nExcept for initial reference, mddev-\u003ekobject is referenced by\nrdev-\u003ekobject, and if the last rdev is freed, there is no guarantee that\nmddev is still valid. Hence mddev should not be used anymore after\nexport_rdev().\n\nThis problem can be triggered by following test for mdadm at very\nlow rate:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n pill -9 $pid\n echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap \u0027clean_up_test\u0027 EXIT\n\nadd_by_sysfs() {\n while true; do\n echo $devt \u003e /sys/block/md0/md/new_dev\n done\n}\n\nremove_by_sysfs(){\n while true; do\n echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\ngeneral protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bcb: 0000 [#4] PREEMPT SMP\nCPU: 0 PID: 1292 Comm: test Tainted: G D W 6.5.0-rc2-00121-g01e55c376936 #562\nRIP: 0010:md_wakeup_thread+0x9e/0x320 [md_mod]\nCall Trace:\n \u003cTASK\u003e\n mddev_unlock+0x1b6/0x310 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix this problem by don\u0027t dereference mddev after export_rdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53665",
"url": "https://www.suse.com/security/cve/CVE-2023-53665"
},
{
"category": "external",
"summary": "SUSE Bug 1251270 for CVE-2023-53665",
"url": "https://bugzilla.suse.com/1251270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53665"
},
{
"cve": "CVE-2023-53666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix missing mbhc init error handling\n\nMBHC initialisation can fail so add the missing error handling to avoid\ndereferencing an error pointer when later configuring the jack:\n\n Unable to handle kernel paging request at virtual address fffffffffffffff8\n\n pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n\n Call trace:\n wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]\n qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]\n sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]\n snd_soc_link_init+0x28/0x90 [snd_soc_core]\n snd_soc_bind_card+0x628/0xbfc [snd_soc_core]\n snd_soc_register_card+0xec/0x104 [snd_soc_core]\n devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]\n sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53666",
"url": "https://www.suse.com/security/cve/CVE-2023-53666"
},
{
"category": "external",
"summary": "SUSE Bug 1251760 for CVE-2023-53666",
"url": "https://bugzilla.suse.com/1251760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53666"
},
{
"cve": "CVE-2023-53668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix deadloop issue on reading trace_pipe\n\nSoft lockup occurs when reading file \u0027trace_pipe\u0027:\n\n watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]\n [...]\n RIP: 0010:ring_buffer_empty_cpu+0xed/0x170\n RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb\n RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218\n RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f\n R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901\n R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000\n [...]\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n __find_next_entry+0x1a8/0x4b0\n ? peek_next_entry+0x250/0x250\n ? down_write+0xa5/0x120\n ? down_write_killable+0x130/0x130\n trace_find_next_entry_inc+0x3b/0x1d0\n tracing_read_pipe+0x423/0xae0\n ? tracing_splice_read_pipe+0xcb0/0xcb0\n vfs_read+0x16b/0x490\n ksys_read+0x105/0x210\n ? __ia32_sys_pwrite64+0x200/0x200\n ? switch_fpu_return+0x108/0x220\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThrough the vmcore, I found it\u0027s because in tracing_read_pipe(),\nring_buffer_empty_cpu() found some buffer is not empty but then it\ncannot read anything due to \"rb_num_of_entries() == 0\" always true,\nThen it infinitely loop the procedure due to user buffer not been\nfilled, see following code path:\n\n tracing_read_pipe() {\n ... ...\n waitagain:\n tracing_wait_pipe() // 1. find non-empty buffer here\n trace_find_next_entry_inc() // 2. loop here try to find an entry\n __find_next_entry()\n ring_buffer_empty_cpu(); // 3. find non-empty buffer\n peek_next_entry() // 4. but peek always return NULL\n ring_buffer_peek()\n rb_buffer_peek()\n rb_get_reader_page()\n // 5. because rb_num_of_entries() == 0 always true here\n // then return NULL\n // 6. user buffer not been filled so goto \u0027waitgain\u0027\n // and eventually leads to an deadloop in kernel!!!\n }\n\nBy some analyzing, I found that when resetting ringbuffer, the \u0027entries\u0027\nof its pages are not all cleared (see rb_reset_cpu()). Then when reducing\nthe ringbuffer, and if some reduced pages exist dirty \u0027entries\u0027 data, they\nwill be added into \u0027cpu_buffer-\u003eoverrun\u0027 (see rb_remove_pages()), which\ncause wrong \u0027overrun\u0027 count and eventually cause the deadloop issue.\n\nTo fix it, we need to clear every pages in rb_reset_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53668",
"url": "https://www.suse.com/security/cve/CVE-2023-53668"
},
{
"category": "external",
"summary": "SUSE Bug 1251286 for CVE-2023-53668",
"url": "https://bugzilla.suse.com/1251286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53668"
},
{
"cve": "CVE-2023-53670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix dev_pm_qos memleak\n\nCall dev_pm_qos_hide_latency_tolerance() in the error unwind patch to\navoid following kmemleak:-\n\nblktests (master) # kmemleak-clear; ./check nvme/044;\nblktests (master) # kmemleak-scan ; kmemleak-show\nnvme/044 (Test bi-directional authentication) [passed]\n runtime 2.111s ... 2.124s\nunreferenced object 0xffff888110c46240 (size 96):\n comm \"nvme\", pid 33461, jiffies 4345365353 (age 75.586s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000069ac2cec\u003e] kmalloc_trace+0x25/0x90\n [\u003c000000006acc66d5\u003e] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100\n [\u003c00000000cc376ea7\u003e] nvme_init_ctrl+0x38e/0x410 [nvme_core]\n [\u003c000000007df61b4b\u003e] 0xffffffffc05e88b3\n [\u003c00000000d152b985\u003e] 0xffffffffc05744cb\n [\u003c00000000f04a4041\u003e] vfs_write+0xc5/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53670",
"url": "https://www.suse.com/security/cve/CVE-2023-53670"
},
{
"category": "external",
"summary": "SUSE Bug 1251762 for CVE-2023-53670",
"url": "https://bugzilla.suse.com/1251762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53670"
},
{
"cve": "CVE-2023-53672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: output extra debug info if we failed to find an inline backref\n\n[BUG]\nSyzbot reported several warning triggered inside\nlookup_inline_extent_backref().\n\n[CAUSE]\nAs usual, the reproducer doesn\u0027t reliably trigger locally here, but at\nleast we know the WARN_ON() is triggered when an inline backref can not\nbe found, and it can only be triggered when @insert is true. (I.e.\ninserting a new inline backref, which means the backref should already\nexist)\n\n[ENHANCEMENT]\nAfter the WARN_ON(), dump all the parameters and the extent tree\nleaf to help debug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53672",
"url": "https://www.suse.com/security/cve/CVE-2023-53672"
},
{
"category": "external",
"summary": "SUSE Bug 1251780 for CVE-2023-53672",
"url": "https://bugzilla.suse.com/1251780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53672"
},
{
"cve": "CVE-2023-53673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53673",
"url": "https://www.suse.com/security/cve/CVE-2023-53673"
},
{
"category": "external",
"summary": "SUSE Bug 1251763 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "external",
"summary": "SUSE Bug 1251983 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2023-53673"
},
{
"cve": "CVE-2023-53674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix memory leak in devm_clk_notifier_register()\n\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn\u0027t register that to the device, so the notifier didn\u0027t\nget unregistered on device detach and the allocated resource was leaked.\n\nFix the issue by registering the resource through devres_add().\n\nThis issue was found with kmemleak on a Chromebook.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53674",
"url": "https://www.suse.com/security/cve/CVE-2023-53674"
},
{
"category": "external",
"summary": "SUSE Bug 1251764 for CVE-2023-53674",
"url": "https://bugzilla.suse.com/1251764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53674"
},
{
"cve": "CVE-2023-53681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split-\u003ebch_btree_node_alloc-\u003e__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53681",
"url": "https://www.suse.com/security/cve/CVE-2023-53681"
},
{
"category": "external",
"summary": "SUSE Bug 1251769 for CVE-2023-53681",
"url": "https://bugzilla.suse.com/1251769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53681"
},
{
"cve": "CVE-2023-53686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: fix null-ptr-deref in handshake_nl_done_doit()\n\nWe should not call trace_handshake_cmd_done_err() if socket lookup has failed.\n\nAlso we should call trace_handshake_cmd_done_err() before releasing the file,\notherwise dereferencing sock-\u003esk can return garbage.\n\nThis also reverts 7afc6d0a107f (\"net/handshake: Fix uninitialized local variable\")\n\nUnable to handle kernel paging request at virtual address dfff800000000003\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:\nESR = 0x0000000096000005\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nData abort info:\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000003] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\nlr : handshake_nl_done_doit+0x180/0x9c8\nsp : ffff800096e37180\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000\nCall trace:\nhandshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1078\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914\nsock_sendmsg_nosec net/socket.c:725 [inline]\nsock_sendmsg net/socket.c:748 [inline]\n____sys_sendmsg+0x56c/0x840 net/socket.c:2494\n___sys_sendmsg net/socket.c:2548 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2577\n__do_sys_sendmsg net/socket.c:2586 [inline]\n__se_sys_sendmsg net/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584\n__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\nel0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53686",
"url": "https://www.suse.com/security/cve/CVE-2023-53686"
},
{
"category": "external",
"summary": "SUSE Bug 1251771 for CVE-2023-53686",
"url": "https://bugzilla.suse.com/1251771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53686"
},
{
"cve": "CVE-2023-53687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53687",
"url": "https://www.suse.com/security/cve/CVE-2023-53687"
},
{
"category": "external",
"summary": "SUSE Bug 1251772 for CVE-2023-53687",
"url": "https://bugzilla.suse.com/1251772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53687"
},
{
"cve": "CVE-2023-53693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn\u0027t find an available UDC or it\u0027s busy\n[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53693",
"url": "https://www.suse.com/security/cve/CVE-2023-53693"
},
{
"category": "external",
"summary": "SUSE Bug 1252489 for CVE-2023-53693",
"url": "https://bugzilla.suse.com/1252489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53693"
},
{
"cve": "CVE-2023-53697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()\n\nMemory pointed by \u0027nd_pmu-\u003epmu.attr_groups\u0027 is allocated in function\n\u0027register_nvdimm_pmu\u0027 and is lost after \u0027kfree(nd_pmu)\u0027 call in function\n\u0027unregister_nvdimm_pmu\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53697",
"url": "https://www.suse.com/security/cve/CVE-2023-53697"
},
{
"category": "external",
"summary": "SUSE Bug 1252534 for CVE-2023-53697",
"url": "https://bugzilla.suse.com/1252534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53697"
},
{
"cve": "CVE-2023-53698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix refcount underflow in error path\n\nFix a refcount underflow problem reported by syzbot that can happen\nwhen a system is running out of memory. If xp_alloc_tx_descs() fails,\nand it can only fail due to not having enough memory, then the error\npath is triggered. In this error path, the refcount of the pool is\ndecremented as it has incremented before. However, the reference to\nthe pool in the socket was not nulled. This means that when the socket\nis closed later, the socket teardown logic will think that there is a\npool attached to the socket and try to decrease the refcount again,\nleading to a refcount underflow.\n\nI chose this fix as it involved adding just a single line. Another\noption would have been to move xp_get_pool() and the assignment of\nxs-\u003epool to after the if-statement and using xs_umem-\u003epool instead of\nxs-\u003epool in the whole if-statement resulting in somewhat simpler code,\nbut this would have led to much more churn in the code base perhaps\nmaking it harder to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53698",
"url": "https://www.suse.com/security/cve/CVE-2023-53698"
},
{
"category": "external",
"summary": "SUSE Bug 1252479 for CVE-2023-53698",
"url": "https://bugzilla.suse.com/1252479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53698"
},
{
"cve": "CVE-2023-53699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[ 0.000000] Oops [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] epc : __memcpy+0x60/0xf8\n[ 0.000000] ra : memblock_double_array+0x192/0x248\n[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000\n[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[ 0.000000] [\u003cfff\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53699",
"url": "https://www.suse.com/security/cve/CVE-2023-53699"
},
{
"category": "external",
"summary": "SUSE Bug 1252550 for CVE-2023-53699",
"url": "https://bugzilla.suse.com/1252550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53699"
},
{
"cve": "CVE-2023-53703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix for shift-out-of-bounds\n\nShift operation of \u0027exp\u0027 and \u0027shift\u0027 variables exceeds the maximum number\nof shift values in the u32 range leading to UBSAN shift-out-of-bounds.\n\n...\n[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50\n[ 6.120598] shift exponent 104 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10\n[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023\n[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]\n[ 6.120687] Call Trace:\n[ 6.120690] \u003cTASK\u003e\n[ 6.120694] dump_stack_lvl+0x48/0x70\n[ 6.120704] dump_stack+0x10/0x20\n[ 6.120707] ubsan_epilogue+0x9/0x40\n[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170\n[ 6.120720] ? psi_group_change+0x25f/0x4b0\n[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]\n[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]\n[ 6.120748] ? __schedule+0xba7/0x1b60\n[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]\n[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]\n[ 6.120772] process_one_work+0x229/0x430\n[ 6.120780] worker_thread+0x4a/0x3c0\n[ 6.120784] ? __pfx_worker_thread+0x10/0x10\n[ 6.120788] kthread+0xf7/0x130\n[ 6.120792] ? __pfx_kthread+0x10/0x10\n[ 6.120795] ret_from_fork+0x29/0x50\n[ 6.120804] \u003c/TASK\u003e\n...\n\nFix this by adding the condition to validate shift ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53703",
"url": "https://www.suse.com/security/cve/CVE-2023-53703"
},
{
"category": "external",
"summary": "SUSE Bug 1252553 for CVE-2023-53703",
"url": "https://bugzilla.suse.com/1252553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53703"
},
{
"cve": "CVE-2023-53704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()\n\nReplace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()\nwhich can automatically release the related memory when the device\nor driver is removed or unloaded to avoid potential memory leak.\n\nIn this case, iounmap(anatop_base) in line 427,433 are removed\nas manual release is not required.\n\nBesides, referring to clk-imx8mq.c, check the return code of\nof_clk_add_hw_provider, if it returns negtive, print error info\nand unregister hws, which makes the program more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53704",
"url": "https://www.suse.com/security/cve/CVE-2023-53704"
},
{
"category": "external",
"summary": "SUSE Bug 1252490 for CVE-2023-53704",
"url": "https://bugzilla.suse.com/1252490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53704"
},
{
"cve": "CVE-2023-53707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53707",
"url": "https://www.suse.com/security/cve/CVE-2023-53707"
},
{
"category": "external",
"summary": "SUSE Bug 1252632 for CVE-2023-53707",
"url": "https://bugzilla.suse.com/1252632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects\n\nIf a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`\nobjects while evaluating the AMD LPS0 _DSM, there will be a memory\nleak. Explicitly guard against this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53708",
"url": "https://www.suse.com/security/cve/CVE-2023-53708"
},
{
"category": "external",
"summary": "SUSE Bug 1252537 for CVE-2023-53708",
"url": "https://bugzilla.suse.com/1252537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53708"
},
{
"cve": "CVE-2023-53711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential data corruption\n\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53711",
"url": "https://www.suse.com/security/cve/CVE-2023-53711"
},
{
"category": "external",
"summary": "SUSE Bug 1252536 for CVE-2023-53711",
"url": "https://bugzilla.suse.com/1252536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53711"
},
{
"cve": "CVE-2023-53713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: sme: Use STR P to clear FFR context field in streaming SVE mode\n\nThe FFR is a predicate register which can vary between 16 and 256 bits\nin size depending upon the configured vector length. When saving the\nSVE state in streaming SVE mode, the FFR register is inaccessible and\nso commit 9f5848665788 (\"arm64/sve: Make access to FFR optional\") simply\nclears the FFR field of the in-memory context structure. Unfortunately,\nit achieves this using an unconditional 8-byte store and so if the SME\nvector length is anything other than 64 bytes in size we will either\nfail to clear the entire field or, worse, we will corrupt memory\nimmediately following the structure. This has led to intermittent kfence\nsplats in CI [1] and can trigger kmalloc Redzone corruption messages\nwhen running the \u0027fp-stress\u0027 kselftest:\n\n | =============================================================================\n | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten\n | -----------------------------------------------------------------------------\n |\n | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc\n | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531\n | __kmalloc+0x8c/0xcc\n | do_sme_acc+0x9c/0x220\n | ...\n\nReplace the 8-byte store with a store of a predicate register which has\nbeen zero-initialised with PFALSE, ensuring that the entire field is\ncleared in memory.\n\n[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53713",
"url": "https://www.suse.com/security/cve/CVE-2023-53713"
},
{
"category": "external",
"summary": "SUSE Bug 1252559 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "external",
"summary": "SUSE Bug 1253760 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1253760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2023-53713"
},
{
"cve": "CVE-2023-53718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53718",
"url": "https://www.suse.com/security/cve/CVE-2023-53718"
},
{
"category": "external",
"summary": "SUSE Bug 1252564 for CVE-2023-53718",
"url": "https://bugzilla.suse.com/1252564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53721",
"url": "https://www.suse.com/security/cve/CVE-2023-53721"
},
{
"category": "external",
"summary": "SUSE Bug 1252561 for CVE-2023-53721",
"url": "https://bugzilla.suse.com/1252561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53721"
},
{
"cve": "CVE-2023-53722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53722",
"url": "https://www.suse.com/security/cve/CVE-2023-53722"
},
{
"category": "external",
"summary": "SUSE Bug 1252499 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "external",
"summary": "SUSE Bug 1252500 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe\n\nSmatch reports:\ndrivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()\nwarn: \u0027timer_baseaddr\u0027 from of_iomap() not released on lines: 498,508,516.\n\ntimer_baseaddr may have the problem of not being released after use,\nI replaced it with the devm_of_iomap() function and added the clk_put()\nfunction to cleanup the \"clk_ce\" and \"clk_cs\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53725",
"url": "https://www.suse.com/security/cve/CVE-2023-53725"
},
{
"category": "external",
"summary": "SUSE Bug 1252492 for CVE-2023-53725",
"url": "https://bugzilla.suse.com/1252492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53725"
},
{
"cve": "CVE-2023-53726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: csum: Fix OoB access in IP checksum code for negative lengths\n\nAlthough commit c2c24edb1d9c (\"arm64: csum: Fix pathological zero-length\ncalls\") added an early return for zero-length input, syzkaller has\npopped up with an example of a _negative_ length which causes an\nundefined shift and an out-of-bounds read:\n\n | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975\n |\n | CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\n | Call trace:\n | dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233\n | show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240\n | __dump_stack lib/dump_stack.c:88 [inline]\n | dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n | print_address_description mm/kasan/report.c:351 [inline]\n | print_report+0x174/0x514 mm/kasan/report.c:462\n | kasan_report+0xd4/0x130 mm/kasan/report.c:572\n | kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187\n | __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31\n | do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | csum_partial+0x30/0x58 lib/checksum.c:128\n | gso_make_checksum include/linux/skbuff.h:4928 [inline]\n | __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332\n | udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47\n | ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119\n | skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141\n | __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401\n | skb_gso_segment include/linux/netdevice.h:4859 [inline]\n | validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659\n | validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709\n | sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327\n | __dev_xmit_skb net/core/dev.c:3805 [inline]\n | __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210\n | dev_queue_xmit include/linux/netdevice.h:3085 [inline]\n | packet_xmit+0x6c/0x318 net/packet/af_packet.c:276\n | packet_snd net/packet/af_packet.c:3081 [inline]\n | packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113\n | sock_sendmsg_nosec net/socket.c:724 [inline]\n | sock_sendmsg net/socket.c:747 [inline]\n | __sys_sendto+0x3b4/0x538 net/socket.c:2144\n\nExtend the early return to reject negative lengths as well, aligning our\nimplementation with the generic code in lib/checksum.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53726",
"url": "https://www.suse.com/security/cve/CVE-2023-53726"
},
{
"category": "external",
"summary": "SUSE Bug 1252565 for CVE-2023-53726",
"url": "https://bugzilla.suse.com/1252565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53726"
},
{
"cve": "CVE-2023-53727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 \u003ca9\u003e 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53727",
"url": "https://www.suse.com/security/cve/CVE-2023-53727"
},
{
"category": "external",
"summary": "SUSE Bug 1252566 for CVE-2023-53727",
"url": "https://bugzilla.suse.com/1252566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53727"
},
{
"cve": "CVE-2023-53728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Ensure timer ID search-loop limit is valid\n\nposix_timer_add() tries to allocate a posix timer ID by starting from the\ncached ID which was stored by the last successful allocation.\n\nThis is done in a loop searching the ID space for a free slot one by\none. The loop has to terminate when the search wrapped around to the\nstarting point.\n\nBut that\u0027s racy vs. establishing the starting point. That is read out\nlockless, which leads to the following problem:\n\nCPU0\t \t \t \t CPU1\nposix_timer_add()\n start = sig-\u003eposix_timer_id;\n lock(hash_lock);\n ...\t\t\t\t posix_timer_add()\n if (++sig-\u003eposix_timer_id \u003c 0)\n \t\t\t start = sig-\u003eposix_timer_id;\n sig-\u003eposix_timer_id = 0;\n\nSo CPU1 can observe a negative start value, i.e. -1, and the loop break\nnever happens because the condition can never be true:\n\n if (sig-\u003eposix_timer_id == start)\n break;\n\nWhile this is unlikely to ever turn into an endless loop as the ID space is\nhuge (INT_MAX), the racy read of the start value caught the attention of\nKCSAN and Dmitry unearthed that incorrectness.\n\nRewrite it so that all id operations are under the hash lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53728",
"url": "https://www.suse.com/security/cve/CVE-2023-53728"
},
{
"category": "external",
"summary": "SUSE Bug 1252668 for CVE-2023-53728",
"url": "https://bugzilla.suse.com/1252668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53728"
},
{
"cve": "CVE-2023-53729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccount for null terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 length, this will cause an out of bounds access\nwhen the NULL character is appended in decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53729",
"url": "https://www.suse.com/security/cve/CVE-2023-53729"
},
{
"category": "external",
"summary": "SUSE Bug 1252496 for CVE-2023-53729",
"url": "https://bugzilla.suse.com/1252496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53729"
},
{
"cve": "CVE-2023-53730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\n\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\n\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n\n ================================\n WARNING: inconsistent lock state\n 5.10.0-02758-g8e5f91fd772f #26 Not tainted\n --------------------------------\n inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n {IN-HARDIRQ-W} state was registered at:\n __lock_acquire+0x3d7/0x1070\n lock_acquire+0x197/0x4a0\n __raw_spin_lock_irqsave\n _raw_spin_lock_irqsave+0x3b/0x60\n bfq_idle_slice_timer_body\n bfq_idle_slice_timer+0x53/0x1d0\n __run_hrtimer+0x477/0xa70\n __hrtimer_run_queues+0x1c6/0x2d0\n hrtimer_interrupt+0x302/0x9e0\n local_apic_timer_interrupt\n __sysvec_apic_timer_interrupt+0xfd/0x420\n run_sysvec_on_irqstack_cond\n sysvec_apic_timer_interrupt+0x46/0xa0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n irq event stamp: 837522\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] __raw_spin_unlock_irqrestore\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] _raw_spin_unlock_irqrestore+0x3d/0x40\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] __raw_spin_lock_irq\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] _raw_spin_lock_irq+0x43/0x50\n softirqs last enabled at (835852): [\u003cffffffff84e00558\u003e] __do_softirq+0x558/0x8ec\n softirqs last disabled at (835845): [\u003cffffffff84c010ff\u003e] asm_call_irq_on_stack+0xf/0x20\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026bfqd-\u003elock);\n \u003cInterrupt\u003e\n lock(\u0026bfqd-\u003elock);\n\n *** DEADLOCK ***\n\n 3 locks held by kworker/2:3/388:\n #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n #1: ffff8881176bfdd8 ((work_completion)(\u0026td-\u003edispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n\n stack backtrace:\n CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Workqueue: kthrotld blk_throtl_dispatch_work_fn\n Call Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167\n print_usage_bug\n valid_state\n mark_lock_irq.cold+0x32/0x3a\n mark_lock+0x693/0xbc0\n mark_held_locks+0x9e/0xe0\n __trace_hardirqs_on_caller\n lockdep_hardirqs_on_prepare.part.0+0x151/0x360\n trace_hardirqs_on+0x5b/0x180\n __raw_spin_unlock_irq\n _raw_spin_unlock_irq+0x24/0x40\n spin_unlock_irq\n adjust_inuse_and_calc_cost+0x4fb/0x970\n ioc_rqos_merge+0x277/0x740\n __rq_qos_merge+0x62/0xb0\n rq_qos_merge\n bio_attempt_back_merge+0x12c/0x4a0\n blk_mq_sched_try_merge+0x1b6/0x4d0\n bfq_bio_merge+0x24a/0x390\n __blk_mq_sched_bio_merge+0xa6/0x460\n blk_mq_sched_bio_merge\n blk_mq_submit_bio+0x2e7/0x1ee0\n __submit_bio_noacct_mq+0x175/0x3b0\n submit_bio_noacct+0x1fb/0x270\n blk_throtl_dispatch_work_fn+0x1ef/0x2b0\n process_one_work+0x83e/0x13f0\n process_scheduled_works\n worker_thread+0x7e3/0xd80\n kthread+0x353/0x470\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53730",
"url": "https://www.suse.com/security/cve/CVE-2023-53730"
},
{
"category": "external",
"summary": "SUSE Bug 1252495 for CVE-2023-53730",
"url": "https://bugzilla.suse.com/1252495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53730"
},
{
"cve": "CVE-2023-53731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nl_table_lock);\n local_irq_disable();\n lock(\u0026local-\u003equeue_stop_reason_lock);\n lock(nl_table_lock);\n \u003cInterrupt\u003e\n lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53731",
"url": "https://www.suse.com/security/cve/CVE-2023-53731"
},
{
"category": "external",
"summary": "SUSE Bug 1252481 for CVE-2023-53731",
"url": "https://bugzilla.suse.com/1252481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2023-53731"
},
{
"cve": "CVE-2023-53733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53733",
"url": "https://www.suse.com/security/cve/CVE-2023-53733"
},
{
"category": "external",
"summary": "SUSE Bug 1252685 for CVE-2023-53733",
"url": "https://bugzilla.suse.com/1252685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2023-53733"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\"). Followed by AI Viro\u0027s suggestion, fix it in same\nmanner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38653",
"url": "https://www.suse.com/security/cve/CVE-2025-38653"
},
{
"category": "external",
"summary": "SUSE Bug 1248630 for CVE-2025-38653",
"url": "https://bugzilla.suse.com/1248630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38699",
"url": "https://www.suse.com/security/cve/CVE-2025-38699"
},
{
"category": "external",
"summary": "SUSE Bug 1249224 for CVE-2025-38699",
"url": "https://bugzilla.suse.com/1249224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38699"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: tegra: Use I/O memcpy to write to IRAM\n\nKasan crashes the kernel trying to check boundaries when using the\nnormal memcpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39794",
"url": "https://www.suse.com/security/cve/CVE-2025-39794"
},
{
"category": "external",
"summary": "SUSE Bug 1249595 for CVE-2025-39794",
"url": "https://bugzilla.suse.com/1249595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39794"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n\nsyzbot reported the splat below. [0]\n\nWhen atmtcp_v_open() or atmtcp_v_close() is called via connect()\nor close(), atmtcp_send_control() is called to send an in-kernel\nspecial message.\n\nThe message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length.\nAlso, a pointer of struct atm_vcc is set to atmtcp_control.vcc.\n\nThe notable thing is struct atmtcp_control is uAPI but has a\nspace for an in-kernel pointer.\n\n struct atmtcp_control {\n \tstruct atmtcp_hdr hdr;\t/* must be first */\n ...\n \tatm_kptr_t vcc;\t\t/* both directions */\n ...\n } __ATM_API_ALIGN;\n\n typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;\n\nThe special message is processed in atmtcp_recv_control() called\nfrom atmtcp_c_send().\n\natmtcp_c_send() is vcc-\u003edev-\u003eops-\u003esend() and called from 2 paths:\n\n 1. .ndo_start_xmit() (vcc-\u003esend() == atm_send_aal0())\n 2. vcc_sendmsg()\n\nThe problem is sendmsg() does not validate the message length and\nuserspace can abuse atmtcp_recv_control() to overwrite any kptr\nby atmtcp_control.\n\nLet\u0027s add a new -\u003epre_send() hook to validate messages from sendmsg().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc00200000ab: 0000 [#1] SMP KASAN PTI\nKASAN: probably user-memory-access in range [0x0000000100000558-0x000000010000055f]\nCPU: 0 UID: 0 PID: 5865 Comm: syz-executor331 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:atmtcp_recv_control drivers/atm/atmtcp.c:93 [inline]\nRIP: 0010:atmtcp_c_send+0x1da/0x950 drivers/atm/atmtcp.c:297\nCode: 4d 8d 75 1a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 15 06 00 00 41 0f b7 1e 4d 8d b7 60 05 00 00 4c 89 f0 48 c1 e8 03 \u003c42\u003e 0f b6 04 20 84 c0 0f 85 13 06 00 00 66 41 89 1e 4d 8d 75 1c 4c\nRSP: 0018:ffffc90003f5f810 EFLAGS: 00010203\nRAX: 00000000200000ab RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802a510000 RSI: 00000000ffffffff RDI: ffff888030a6068c\nRBP: ffff88802699fb40 R08: ffff888030a606eb R09: 1ffff1100614c0dd\nR10: dffffc0000000000 R11: ffffffff8718fc40 R12: dffffc0000000000\nR13: ffff888030a60680 R14: 000000010000055f R15: 00000000ffffffff\nFS: 00007f8d7e9236c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000045ad50 CR3: 0000000075bde000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc60 net/atm/common.c:645\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n ____sys_sendmsg+0x505/0x830 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f8d7e96a4a9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f8d7e923198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f8d7e9f4308 RCX: 00007f8d7e96a4a9\nRDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005\nRBP: 00007f8d7e9f4300 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f8d7e9c10ac\nR13: 00007f8d7e9231a0 R14: 0000200000000200 R15: 0000200000000250\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39828",
"url": "https://www.suse.com/security/cve/CVE-2025-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1250205 for CVE-2025-39828",
"url": "https://bugzilla.suse.com/1250205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39828"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: Fix UAF in polling when open file is released\n\nA use-after-free (UAF) vulnerability was identified in the PSI (Pressure\nStall Information) monitoring mechanism:\n\nBUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140\nRead of size 8 at addr ffff3de3d50bd308 by task systemd/1\n\npsi_trigger_poll+0x3c/0x140\ncgroup_pressure_poll+0x70/0xa0\ncgroup_file_poll+0x8c/0x100\nkernfs_fop_poll+0x11c/0x1c0\nep_item_poll.isra.0+0x188/0x2c0\n\nAllocated by task 1:\ncgroup_file_open+0x88/0x388\nkernfs_fop_open+0x73c/0xaf0\ndo_dentry_open+0x5fc/0x1200\nvfs_open+0xa0/0x3f0\ndo_open+0x7e8/0xd08\npath_openat+0x2fc/0x6b0\ndo_filp_open+0x174/0x368\n\nFreed by task 8462:\ncgroup_file_release+0x130/0x1f8\nkernfs_drain_open_files+0x17c/0x440\nkernfs_drain+0x2dc/0x360\nkernfs_show+0x1b8/0x288\ncgroup_file_show+0x150/0x268\ncgroup_pressure_write+0x1dc/0x340\ncgroup_file_write+0x274/0x548\n\nReproduction Steps:\n1. Open test/cpu.pressure and establish epoll monitoring\n2. Disable monitoring: echo 0 \u003e test/cgroup.pressure\n3. Re-enable monitoring: echo 1 \u003e test/cgroup.pressure\n\nThe race condition occurs because:\n1. When cgroup.pressure is disabled (echo 0 \u003e cgroup.pressure), it:\n - Releases PSI triggers via cgroup_file_release()\n - Frees of-\u003epriv through kernfs_drain_open_files()\n2. While epoll still holds reference to the file and continues polling\n3. Re-enabling (echo 1 \u003e cgroup.pressure) accesses freed of-\u003epriv\n\nepolling\t\t\tdisable/enable cgroup.pressure\nfd=open(cpu.pressure)\nwhile(1)\n...\nepoll_wait\nkernfs_fop_poll\nkernfs_get_active = true\techo 0 \u003e cgroup.pressure\n...\t\t\t\tcgroup_file_show\n\t\t\t\tkernfs_show\n\t\t\t\t// inactive kn\n\t\t\t\tkernfs_drain_open_files\n\t\t\t\tcft-\u003erelease(of);\n\t\t\t\tkfree(ctx);\n\t\t\t\t...\nkernfs_get_active = false\n\t\t\t\techo 1 \u003e cgroup.pressure\n\t\t\t\tkernfs_show\n\t\t\t\tkernfs_activate_one(kn);\nkernfs_fop_poll\nkernfs_get_active = true\ncgroup_file_poll\npsi_trigger_poll\n// UAF\n...\nend: close(fd)\n\nTo address this issue, introduce kernfs_get_active_of() for kernfs open\nfiles to obtain active references. This function will fail if the open file\nhas been released. Replace kernfs_get_active() with kernfs_get_active_of()\nto prevent further operations on released file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39881",
"url": "https://www.suse.com/security/cve/CVE-2025-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1250379 for CVE-2025-39881",
"url": "https://bugzilla.suse.com/1250379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39881"
},
{
"cve": "CVE-2025-39895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix sched_numa_find_nth_cpu() if mask offline\n\nsched_numa_find_nth_cpu() uses a bsearch to look for the \u0027closest\u0027\nCPU in sched_domains_numa_masks and given cpus mask. However they\nmight not intersect if all CPUs in the cpus mask are offline. bsearch\nwill return NULL in that case, bail out instead of dereferencing a\nbogus pointer.\n\nThe previous behaviour lead to this bug when using maxcpus=4 on an\nrk3399 (LLLLbb) (i.e. booting with all big CPUs offline):\n\n[ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000\n[ 1.423635] Mem abort info:\n[ 1.423889] ESR = 0x0000000096000006\n[ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.424715] SET = 0, FnV = 0\n[ 1.424995] EA = 0, S1PTW = 0\n[ 1.425279] FSC = 0x06: level 2 translation fault\n[ 1.425735] Data abort info:\n[ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000\n[ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000\n[ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP\n[ 1.429525] Modules linked in:\n[ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT\n[ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT)\n[ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488\n[ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488\n[ 1.432543] sp : ffffffc084e1b960\n[ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0\n[ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378\n[ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff\n[ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7\n[ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372\n[ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860\n[ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000\n[ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68\n[ 1.439332] Call trace:\n[ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P)\n[ 1.440016] smp_call_function_any+0xc8/0xd0\n[ 1.440416] armv8_pmu_init+0x58/0x27c\n[ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c\n[ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8\n[ 1.441603] armv8_pmu_device_probe+0x1c/0x28\n[ 1.442007] platform_probe+0x5c/0xac\n[ 1.442347] really_probe+0xbc/0x298\n[ 1.442683] __driver_probe_device+0x78/0x12c\n[ 1.443087] driver_probe_device+0xdc/0x160\n[ 1.443475] __driver_attach+0x94/0x19c\n[ 1.443833] bus_for_each_dev+0x74/0xd4\n[ 1.444190] driver_attach+0x24/0x30\n[ 1.444525] bus_add_driver+0xe4/0x208\n[ 1.444874] driver_register+0x60/0x128\n[ 1.445233] __platform_driver_register+0x24/0x30\n[ 1.445662] armv8_pmu_driver_init+0x28/0x4c\n[ 1.446059] do_one_initcall+0x44/0x25c\n[ 1.446416] kernel_init_freeable+0x1dc/0x3bc\n[ 1.446820] kernel_init+0x20/0x1d8\n[ 1.447151] ret_from_fork+0x10/0x20\n[ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803)\n[ 1.448040] ---[ end trace 0000000000000000 ]---\n[ 1.448483] note: swapper/0[1] exited with preempt_count 1\n[ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 1.449741] SMP: stopping secondary CPUs\n[ 1.450105] Kernel Offset: disabled\n[ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39895",
"url": "https://www.suse.com/security/cve/CVE-2025-39895"
},
{
"category": "external",
"summary": "SUSE Bug 1250721 for CVE-2025-39895",
"url": "https://bugzilla.suse.com/1250721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39895"
},
{
"cve": "CVE-2025-39898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39898"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39898",
"url": "https://www.suse.com/security/cve/CVE-2025-39898"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250742 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "external",
"summary": "SUSE Bug 1250744 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250744"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-39898"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39947",
"url": "https://www.suse.com/security/cve/CVE-2025-39947"
},
{
"category": "external",
"summary": "SUSE Bug 1251232 for CVE-2025-39947",
"url": "https://bugzilla.suse.com/1251232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39947"
},
{
"cve": "CVE-2025-39948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don\u0027t get added\nas fragments in ice_add_xdp_frag. Since the buffer isn\u0027t counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don\u0027t\ncall ice_put_rx_buf().\n\nBecause we don\u0027t call ice_put_rx_buf(), we don\u0027t attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don\u0027t\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn\u0027t check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39948",
"url": "https://www.suse.com/security/cve/CVE-2025-39948"
},
{
"category": "external",
"summary": "SUSE Bug 1251233 for CVE-2025-39948",
"url": "https://bugzilla.suse.com/1251233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39948"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-39965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn\u0027t remove those states from the byspi list,\nsince they shouldn\u0027t be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39965",
"url": "https://www.suse.com/security/cve/CVE-2025-39965"
},
{
"category": "external",
"summary": "SUSE Bug 1251967 for CVE-2025-39965",
"url": "https://bugzilla.suse.com/1251967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39965"
},
{
"cve": "CVE-2025-39967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39967",
"url": "https://www.suse.com/security/cve/CVE-2025-39967"
},
{
"category": "external",
"summary": "SUSE Bug 1252033 for CVE-2025-39967",
"url": "https://bugzilla.suse.com/1252033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39967"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39969",
"url": "https://www.suse.com/security/cve/CVE-2025-39969"
},
{
"category": "external",
"summary": "SUSE Bug 1252044 for CVE-2025-39969",
"url": "https://bugzilla.suse.com/1252044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39969"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don\u0027t think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39978",
"url": "https://www.suse.com/security/cve/CVE-2025-39978"
},
{
"category": "external",
"summary": "SUSE Bug 1252069 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "external",
"summary": "SUSE Bug 1252071 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-39978"
},
{
"cve": "CVE-2025-39981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn\u0027t been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39981",
"url": "https://www.suse.com/security/cve/CVE-2025-39981"
},
{
"category": "external",
"summary": "SUSE Bug 1252060 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "external",
"summary": "SUSE Bug 1252061 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-39981"
},
{
"cve": "CVE-2025-39982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39982",
"url": "https://www.suse.com/security/cve/CVE-2025-39982"
},
{
"category": "external",
"summary": "SUSE Bug 1252083 for CVE-2025-39982",
"url": "https://bugzilla.suse.com/1252083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39982"
},
{
"cve": "CVE-2025-39985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39985",
"url": "https://www.suse.com/security/cve/CVE-2025-39985"
},
{
"category": "external",
"summary": "SUSE Bug 1252082 for CVE-2025-39985",
"url": "https://bugzilla.suse.com/1252082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39985"
},
{
"cve": "CVE-2025-39986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39986",
"url": "https://www.suse.com/security/cve/CVE-2025-39986"
},
{
"category": "external",
"summary": "SUSE Bug 1252078 for CVE-2025-39986",
"url": "https://bugzilla.suse.com/1252078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39986"
},
{
"cve": "CVE-2025-39987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39987",
"url": "https://www.suse.com/security/cve/CVE-2025-39987"
},
{
"category": "external",
"summary": "SUSE Bug 1252079 for CVE-2025-39987",
"url": "https://bugzilla.suse.com/1252079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39987"
},
{
"cve": "CVE-2025-39988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39988",
"url": "https://www.suse.com/security/cve/CVE-2025-39988"
},
{
"category": "external",
"summary": "SUSE Bug 1252074 for CVE-2025-39988",
"url": "https://bugzilla.suse.com/1252074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39988"
},
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40005",
"url": "https://www.suse.com/security/cve/CVE-2025-40005"
},
{
"category": "external",
"summary": "SUSE Bug 1252349 for CVE-2025-40005",
"url": "https://bugzilla.suse.com/1252349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40005"
},
{
"cve": "CVE-2025-40010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix potential null pointer dereference in afs_put_server\n\nafs_put_server() accessed server-\u003edebug_id before the NULL check, which\ncould lead to a null pointer dereference. Move the debug_id assignment,\nensuring we never dereference a NULL server pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40010",
"url": "https://www.suse.com/security/cve/CVE-2025-40010"
},
{
"category": "external",
"summary": "SUSE Bug 1252332 for CVE-2025-40010",
"url": "https://bugzilla.suse.com/1252332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40010"
},
{
"cve": "CVE-2025-40011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40011",
"url": "https://www.suse.com/security/cve/CVE-2025-40011"
},
{
"category": "external",
"summary": "SUSE Bug 1252336 for CVE-2025-40011",
"url": "https://bugzilla.suse.com/1252336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40011"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40020",
"url": "https://www.suse.com/security/cve/CVE-2025-40020"
},
{
"category": "external",
"summary": "SUSE Bug 1252679 for CVE-2025-40020",
"url": "https://bugzilla.suse.com/1252679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40020"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: restrict sockets to TCP and UDP\n\nRecently, syzbot started to abuse NBD with all kinds of sockets.\n\nCommit cf1b2326b734 (\"nbd: verify socket is supported during setup\")\nmade sure the socket supported a shutdown() method.\n\nExplicitely accept TCP and UNIX stream sockets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40080",
"url": "https://www.suse.com/security/cve/CVE-2025-40080"
},
{
"category": "external",
"summary": "SUSE Bug 1252774 for CVE-2025-40080",
"url": "https://bugzilla.suse.com/1252774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40080"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T14:22:56Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
}
]
}
SUSE-SU-2025:21040-1
Vulnerability from csaf_suse - Published: 2025-11-13 15:32 - Updated: 2025-11-13 15:32Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non-security bugs were fixed:
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes).
- ACPI: battery: allocate driver data through devm_ APIs (stable-fixes).
- ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes).
- ACPI: button: Call input_free_device() on failing input device registration (git-fixes).
- ACPI: property: Add code comments explaining what is going on (stable-fixes).
- ACPI: property: Disregard references in data-only subnode lists (stable-fixes).
- ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes).
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes).
- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes).
- ACPICA: Allow to skip Global Lock initialization (stable-fixes).
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes).
- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes).
- ALSA: usb-audio: fix control pipe direction (git-fixes).
- ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes).
- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).
- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes).
- ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes).
- ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes).
- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).
- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes).
- HID: hid-input: only ignore 0 battery events for digitizers (git-fixes).
- HID: multitouch: fix name of Stylus input devices (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).
- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes).
- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).
- KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes).
- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes).
- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes).
- KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes).
- KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes).
- KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes).
- KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes).
- KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes).
- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).
- KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process "guest stopped request" once per guest time update (git-fixes).
- KVM: x86: Replace static_call_cond() with static_call() (git-fixes).
- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes).
- KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs (git-fixes).
- KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes).
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes).
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).
- NFSD: Fix crash in nfsd4_read_release() (git-fixes).
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: Minor cleanup in layoutcommit processing (git-fixes).
- NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes).
- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).
- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).
- PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes).
- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes).
- PCI: j721e: Enable ACSPCIE Refclk if "ti,syscon-acspcie-proxy-ctrl" exists (stable-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings (git-fixes).
- PM: runtime: Add new devm functions (stable-fixes).
- Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()" (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).
- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).
- accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes).
- add bug reference to existing hv_netvsc change (bsc#1252265)
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)
- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)
- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).
- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).
- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).
- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes).
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes).
- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes).
- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes).
- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).
- can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).
- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes).
- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).
- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).
- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).
- cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes).
- cpuidle: menu: Avoid discarding useful information (stable-fixes).
- cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).
- crypto: rng - Ensure set_ent is always present (git-fixes).
- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).
- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).
- drm/amd: Check whether secure display TA loaded successfully (stable-fixes).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes).
- drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes).
- drm/etnaviv: fix flush sequence logic (git-fixes).
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes).
- drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes).
- drm/i915/guc: Skip communication warning on reset in progress (git-fixes).
- drm/mediatek: Fix device use-after-free on unbind (git-fixes).
- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).
- drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes).
- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).
- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).
- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes).
- drm/rockchip: vop2: use correct destination rectangle height check (git-fixes).
- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes).
- ext4: check fast symlink for ea_inode correctly (git-fixes).
- ext4: do not convert the unwritten extents if data writeback fails (git-fixes).
- ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes).
- ext4: ensure i_size is smaller than maxbytes (git-fixes).
- ext4: factor out ext4_get_maxbytes() (git-fixes).
- ext4: fix calculation of credits for extent tree modification (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- ext4: fix fsmap end of range reporting with bigalloc (git-fixes).
- ext4: fix hole length calculation overflow in non-extent inodes (git-fixes).
- ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes).
- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).
- ext4: fix zombie groups in average fragment size lists (git-fixes).
- ext4: preserve SB_I_VERSION on remount (git-fixes).
- ext4: reorder capability check last (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes).
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes).
- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes).
- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).
- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes).
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).
- i2c: ocores: use devm_ managed clks (git-fixes).
- iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes).
- iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes).
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- isofs: Verify inode mode when loading from disk (git-fixes).
- jbd2: do not try to recover wiped journal (git-fixes).
- kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common x86 (git-fixes).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes).
- locking/mutex: Introduce devm_mutex_init() (stable-fixes).
- locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes).
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).
- media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes).
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).
- media: tunner: xc5000: Refactor firmware load (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes).
- misc: fastrpc: Add missing dev_err newlines (stable-fixes).
- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).
- mmc: core: SPI mode remove cmd7 (stable-fixes).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).
- most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes).
- mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).
- net: sysfs: Fix /sys/class/net/<iface> path (git-fixes).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes).
- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes).
- net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset (git-fixes).
- net: usb: rtl8150: Fix frame padding (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes).
- nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes).
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes).
- nvme/tcp: handle tls partially sent records in write_space() (git-fixes).
- overlayfs: set ctime when setting mtime and atime (stable-fixes).
- ovl: Always reevaluate the file signature for IMA (stable-fixes).
- ovl: fix file reference leak when submitting aio (stable-fixes).
- ovl: fix incorrect fdput() on aio completion (stable-fixes).
- perf/amd/ibs: Fix ->config to sample period calculation for OP PMU (git-fixes).
- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).
- perf/amd: Prevent grouping of IBS events (git-fixes).
- perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes).
- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).
- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).
- perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes).
- perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes).
- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).
- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).
- perf/core: Fix small negative period being ignored (git-fixes).
- perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes).
- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes).
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes).
- perf/x86/amd: Warn only on new bits set (git-fixes).
- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes).
- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes).
- perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Apply static call for drain_pebs (git-fixes).
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- perf/x86/intel: Only check the group flag for X86 leader (git-fixes).
- perf/x86/intel: Use better start period for frequency mode (git-fixes).
- perf/x86: Fix low freqency setting issue (git-fixes).
- perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes).
- perf: Ensure bpf_perf_link path is properly serialized (git-fixes).
- perf: Extract a few helpers (git-fixes).
- perf: Fix cgroup state vs ERROR (git-fixes).
- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- r8152: add error handling in rtl8152_driver_init (git-fixes).
- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes).
- regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes).
- regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes).
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946).
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes).
- rtc: interface: Fix long-standing race when setting alarm (stable-fixes).
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes).
- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).
- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes).
- selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes).
- selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes).
- selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes).
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes).
- selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes).
- selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes).
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes).
- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).
- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes).
- selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes).
- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).
- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes).
- selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes).
- selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes).
- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes).
- selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes).
- selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes).
- selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes).
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).
- serial: 8250_dw: handle reset control deassert error (git-fixes).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).
- staging: axis-fifo: fix maximum TX packet length check (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).
- tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).
- tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes).
- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).
- tracing: Fix filter string testing (git-fixes).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes).
- udf: Verify partition map count (git-fixes).
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes).
- usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes).
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes).
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes).
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
- usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes).
- usbnet: Prevents free active kevent (git-fixes).
- wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes).
- wifi: ath11k: Add missing platform IDs for quirk table (git-fixes).
- wifi: ath12k: free skb during idr cleanup callback (git-fixes).
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes).
- wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes).
- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes).
- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- xfs: rename the old_crc variable in xlog_recover_process (git-fixes).
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
Patchnames
SUSE-SLE-Micro-6.0-kernel-204
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).\n- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).\n- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).\n- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).\n- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).\n- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated (bsc#1249182).\n- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).\n- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).\n- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).\n- CVE-2025-39683: tracing: Limit access to parser-\u003ebuffer when trace_get_user failed (bsc#1249286).\n- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).\n- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).\n- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).\n- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).\n- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).\n- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).\n- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).\n- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).\n- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).\n- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).\n- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).\n- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).\n- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).\n- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).\n- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).\n- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).\n- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).\n- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).\n- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).\n- CVE-2025-39949: qed: Don\u0027t collect too many protection override GRC elements (bsc#1251177).\n- CVE-2025-39955: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (bsc#1251804).\n- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).\n- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).\n- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).\n- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).\n- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).\n- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).\n- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).\n- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).\n- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).\n- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).\n- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).\n- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).\n- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).\n- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).\n- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).\n- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).\n\nThe following non-security bugs were fixed:\n\n- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes).\n- ACPI: battery: Add synchronization between interface updates (git-fixes).\n- ACPI: battery: Check for error code from devm_mutex_init() call (git-fixes).\n- ACPI: battery: allocate driver data through devm_ APIs (stable-fixes).\n- ACPI: battery: initialize mutexes through devm_ APIs (stable-fixes).\n- ACPI: button: Call input_free_device() on failing input device registration (git-fixes).\n- ACPI: property: Add code comments explaining what is going on (stable-fixes).\n- ACPI: property: Disregard references in data-only subnode lists (stable-fixes).\n- ACPI: property: Do not pass NULL handles to acpi_attach_data() (stable-fixes git-fixes).\n- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (git-fixes).\n- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes).\n- ACPICA: Allow to skip Global Lock initialization (stable-fixes).\n- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (git-fixes).\n- ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card (git-fixes).\n- ALSA: usb-audio: fix control pipe direction (git-fixes).\n- ASoC: Intel: avs: Unprepare a stream when XRUN occurs (git-fixes).\n- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes).\n- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes).\n- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).\n- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034 codec (git-fixes).\n- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).\n- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit (git-fixes).\n- ASoC: nau8821: Cancel jdet_work before handling jack ejection (git-fixes).\n- ASoC: nau8821: Generalize helper to clear IRQ status (git-fixes).\n- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).\n- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes).\n- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset (git-fixes).\n- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes).\n- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (git-fixes).\n- HID: hid-input: only ignore 0 battery events for digitizers (git-fixes).\n- HID: multitouch: fix name of Stylus input devices (git-fixes).\n- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes).\n- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).\n- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).\n- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() (git-fixes).\n- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).\n- KVM: SVM: Inject #GP if memory operand for INVPCID is non-canonical (git-fixes).\n- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (git-fixes).\n- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow (git-fixes).\n- KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing (git-fixes).\n- KVM: x86: Bypass register cache when querying CPL from kvm_sched_out() (git-fixes).\n- KVM: x86: Clear pv_unhalted on all transitions to KVM_MP_STATE_RUNNABLE (git-fixes).\n- KVM: x86: Do not bleed PVCLOCK_GUEST_STOPPED across PV clocks (git-fixes).\n- KVM: x86: Do not inject PV async #PF if SEND_ALWAYS=0 and guest state is protected (git-fixes).\n- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).\n- KVM: x86: Introduce kvm_x86_call() to simplify static calls of kvm_x86_ops (git-fixes).\n- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).\n- KVM: x86: Process \"guest stopped request\" once per guest time update (git-fixes).\n- KVM: x86: Replace static_call_cond() with static_call() (git-fixes).\n- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not for Xen PV clock (git-fixes).\n- KVM: x86: Snapshot the host\u0027s DEBUGCTL after disabling IRQs (git-fixes).\n- KVM: x86: Snapshot the host\u0027s DEBUGCTL in common x86 (git-fixes).\n- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer (git-fixes).\n- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes).\n- NFSD: Fix crash in nfsd4_read_release() (git-fixes).\n- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes).\n- NFSD: Minor cleanup in layoutcommit processing (git-fixes).\n- NFSD: Rework encoding and decoding of nfsd4_deviceid (git-fixes).\n- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).\n- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).\n- PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() (stable-fixes).\n- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release (git-fixes).\n- PCI: j721e: Enable ACSPCIE Refclk if \"ti,syscon-acspcie-proxy-ctrl\" exists (stable-fixes).\n- PCI: j721e: Fix programming sequence of \"strap\" settings (git-fixes).\n- PM: runtime: Add new devm functions (stable-fixes).\n- Revert \"KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()\" (git-fixes).\n- USB: serial: option: add SIMCom 8230C compositions (git-fixes).\n- USB: serial: option: add SIMCom 8230C compositions (stable-fixes).\n- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).\n- accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() (git-fixes).\n- add bug reference to existing hv_netvsc change (bsc#1252265)\n- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)\n- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)\n- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)\n- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)\n- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).\n- bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes).\n- bpf: Check link_create.flags parameter for multi_kprobe (git-fixes).\n- bpf: Check link_create.flags parameter for multi_uprobe (git-fixes).\n- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes).\n- bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes).\n- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (git-fixes).\n- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running (git-fixes).\n- btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() (git-fixes).\n- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb() instead of can_dropped_invalid_skb() (git-fixes).\n- can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes).\n- can: netlink: can_changelink(): allow disabling of automatic restart (git-fixes).\n- can: rcar_canfd: Fix controller mode setting (stable-fixes).\n- clk: at91: peripheral: fix return value (git-fixes).\n- clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes).\n- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes).\n- clk: tegra: do not overallocate memory for bpmp clocks (git-fixes).\n- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception (git-fixes).\n- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes git-fixes).\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).\n- cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes).\n- cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes).\n- cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes).\n- cpuidle: governors: menu: Avoid using invalid recent intervals data (git-fixes).\n- cpuidle: menu: Avoid discarding useful information (stable-fixes).\n- cpuidle: qcom-spm: fix device and OF node leaks at probe (git-fixes).\n- crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes).\n- crypto: rng - Ensure set_ent is always present (git-fixes).\n- driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes).\n- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions (git-fixes).\n- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes).\n- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).\n- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes).\n- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).\n- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (git-fixes).\n- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (git-fixes).\n- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).\n- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).\n- drm/amd: Check whether secure display TA loaded successfully (stable-fixes).\n- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).\n- drm/amdgpu: use atomic functions with memory barriers for vm fault info (git-fixes).\n- drm/bridge: lt9211: Drop check for last nibble of version register (git-fixes).\n- drm/etnaviv: fix flush sequence logic (git-fixes).\n- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference in functions (stable-fixes).\n- drm/exynos: exynos7_drm_decon: properly clear channels during bind (stable-fixes).\n- drm/i915/guc: Skip communication warning on reset in progress (git-fixes).\n- drm/mediatek: Fix device use-after-free on unbind (git-fixes).\n- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).\n- drm/msm/adreno: De-spaghettify the use of memory barriers (stable-fixes).\n- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).\n- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes).\n- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).\n- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89 (git-fixes).\n- drm/rockchip: vop2: use correct destination rectangle height check (git-fixes).\n- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (git-fixes).\n- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).\n- drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes).\n- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).\n- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (git-fixes).\n- ext4: check fast symlink for ea_inode correctly (git-fixes).\n- ext4: do not convert the unwritten extents if data writeback fails (git-fixes).\n- ext4: do not try to clear the orphan_present feature block device is r/o (git-fixes).\n- ext4: ensure i_size is smaller than maxbytes (git-fixes).\n- ext4: factor out ext4_get_maxbytes() (git-fixes).\n- ext4: fix calculation of credits for extent tree modification (git-fixes).\n- ext4: fix checks for orphan inodes (bsc#1250119).\n- ext4: fix fsmap end of range reporting with bigalloc (git-fixes).\n- ext4: fix hole length calculation overflow in non-extent inodes (git-fixes).\n- ext4: fix largest free orders lists corruption on mb_optimize_scan switch (git-fixes).\n- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).\n- ext4: fix zombie groups in average fragment size lists (git-fixes).\n- ext4: preserve SB_I_VERSION on remount (git-fixes).\n- ext4: reorder capability check last (git-fixes).\n- fbdev: Fix logic error in \"offb\" name match (git-fixes).\n- fbdev: atyfb: Check if pll_ops-\u003einit_pll failed (git-fixes).\n- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (git-fixes).\n- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode (git-fixes).\n- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).\n- ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes).\n- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).\n- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).\n- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (git-fixes).\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).\n- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (git-fixes).\n- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).\n- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (git-fixes).\n- hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes).\n- i2c: ocores: use devm_ managed clks (git-fixes).\n- iomap: Fix iomap_adjust_read_range for plen calculation (git-fixes).\n- iomap: handle a post-direct I/O invalidate race in iomap_write_delalloc_release (git-fixes).\n- iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes).\n- iommu/vt-d: PRS isn\u0027t usable if PDS isn\u0027t supported (git-fixes).\n- isofs: Verify inode mode when loading from disk (git-fixes).\n- jbd2: do not try to recover wiped journal (git-fixes).\n- kABI fix for KVM: x86: Snapshot the host\u0027s DEBUGCTL in common x86 (git-fixes).\n- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).\n- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).\n- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older (stable-fixes).\n- locking/mutex: Introduce devm_mutex_init() (stable-fixes).\n- locking/mutex: Mark devm_mutex_init() as __must_check (stable-fixes).\n- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes).\n- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes).\n- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes).\n- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes).\n- media: nxp: imx8-isi: Drop unused argument to mxc_isi_channel_chain() (stable-fixes).\n- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c) (git-fixes).\n- media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes).\n- media: tunner: xc5000: Refactor firmware load (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (stable-fixes).\n- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (git-fixes).\n- misc: fastrpc: Add missing dev_err newlines (stable-fixes).\n- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup (git-fixes).\n- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).\n- misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes).\n- misc: fastrpc: Skip reference for DMA handles (git-fixes).\n- misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes).\n- mmc: core: SPI mode remove cmd7 (stable-fixes).\n- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).\n- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).\n- most: usb: hdm_probe: Fix calling put_device() before device initialization (git-fixes).\n- mtd: rawnand: fsmc: Default to autodetect buswidth (stable-fixes).\n- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).\n- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).\n- net: sysfs: Fix /sys/class/net/\u0026lt;iface\u003e path (git-fixes).\n- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes).\n- net: usb: asix_devices: Check return value of usbnet_get_endpoints (git-fixes).\n- net: usb: lan78xx: Add error handling to lan78xx_init_mac_address (git-fixes).\n- net: usb: lan78xx: fix use of improperly initialized dev-\u003echipid in lan78xx_reset (git-fixes).\n- net: usb: rtl8150: Fix frame padding (git-fixes).\n- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).\n- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (git-fixes).\n- nvme-multipath: Skip nr_active increments in RETRY disposition (git-fixes).\n- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk (git-fixes).\n- nvme/tcp: handle tls partially sent records in write_space() (git-fixes).\n- overlayfs: set ctime when setting mtime and atime (stable-fixes).\n- ovl: Always reevaluate the file signature for IMA (stable-fixes).\n- ovl: fix file reference leak when submitting aio (stable-fixes).\n- ovl: fix incorrect fdput() on aio completion (stable-fixes).\n- perf/amd/ibs: Fix -\u003econfig to sample period calculation for OP PMU (git-fixes).\n- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).\n- perf/amd: Prevent grouping of IBS events (git-fixes).\n- perf/aux: Fix pending disable flow when the AUX ring buffer overruns (git-fixes).\n- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).\n- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).\n- perf/core: Fix broken throttling when max_samples_per_tick=1 (git-fixes).\n- perf/core: Fix child_total_time_enabled accounting bug at task exit (git-fixes).\n- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).\n- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).\n- perf/core: Fix small negative period being ignored (git-fixes).\n- perf/core: Fix the WARN_ON_ONCE is out of lock protected region (git-fixes).\n- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type (git-fixes).\n- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll (git-fixes).\n- perf/x86/amd: Warn only on new bits set (git-fixes).\n- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing PEBS_DATA_CFG (git-fixes).\n- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR (git-fixes).\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR (git-fixes).\n- perf/x86/intel: Allow to setup LBR for counting event for BPF (git-fixes).\n- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).\n- perf/x86/intel: Apply static call for drain_pebs (git-fixes).\n- perf/x86/intel: Avoid disable PMU if !cpuc-\u003eenabled in sample read (git-fixes).\n- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).\n- perf/x86/intel: Only check the group flag for X86 leader (git-fixes).\n- perf/x86/intel: Use better start period for frequency mode (git-fixes).\n- perf/x86: Fix low freqency setting issue (git-fixes).\n- perf/x86: Fix non-sampling (counting) events on certain x86 platforms (git-fixes).\n- perf: Ensure bpf_perf_link path is properly serialized (git-fixes).\n- perf: Extract a few helpers (git-fixes).\n- perf: Fix cgroup state vs ERROR (git-fixes).\n- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling (git-fixes).\n- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).\n- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).\n- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes).\n- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes).\n- powerpc/boot: Fix build with gcc 15 (bsc#1215199).\n- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).\n- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).\n- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).\n- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).\n- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).\n- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).\n- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)\n- proc: fix type confusion in pde_set_flags() (bsc#1248630)\n- r8152: add error handling in rtl8152_driver_init (git-fixes).\n- r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H (git-fixes).\n- regmap: slimbus: fix bus_context pointer in regmap init calls (git-fixes).\n- regulator: bd718x7: Fix voltages scaled by resistor divider (git-fixes).\n- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946).\n- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (stable-fixes).\n- rtc: interface: Fix long-standing race when setting alarm (stable-fixes).\n- rtc: optee: fix memory leak on driver removal (git-fixes).\n- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).\n- s390: Initialize psw mask in perf_arch_fetch_caller_regs() (git-fixes).\n- samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes).\n- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)\n- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).\n- selftests/bpf: Add test for unpinning htab with internal timer struct (git-fixes).\n- selftests/bpf: Fix C++ compile error from missing _Bool type (git-fixes).\n- selftests/bpf: Fix a fd leak in error paths in open_netns (git-fixes).\n- selftests/bpf: Fix backtrace printing for selftests crashes (git-fixes).\n- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c (git-fixes).\n- selftests/bpf: Fix compile if backtrace support missing in libc (git-fixes).\n- selftests/bpf: Fix compiling core_reloc.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling flow_dissector.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling kfree_skb.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc (git-fixes).\n- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc (git-fixes).\n- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).\n- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc (git-fixes).\n- selftests/bpf: Fix error compiling tc_redirect.c with musl libc (git-fixes).\n- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).\n- selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc (git-fixes).\n- selftests/bpf: Fix errors compiling decap_sanity.c with musl libc (git-fixes).\n- selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc (git-fixes).\n- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c (git-fixes).\n- selftests/bpf: Fix umount cgroup2 error in test_sockmap (git-fixes).\n- selftests/bpf: Use bpf_link__destroy in fill_link_info tests (git-fixes).\n- selftests/tracing: Fix event filter test to retry up to 10 times (git-fixes).\n- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).\n- serial: 8250_dw: handle reset control deassert error (git-fixes).\n- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).\n- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206).\n- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).\n- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).\n- staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes).\n- staging: axis-fifo: fix maximum TX packet length check (git-fixes).\n- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).\n- sunrpc: fix null pointer dereference on zero-length checksum (git-fixes).\n- tcp: Do not call reqsk_fastopen_remove() in tcp_conn_request() (git-fixes).\n- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).\n- tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes).\n- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes).\n- tracing/selftests: Fix kprobe event name test for .isra. functions (git-fixes).\n- tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes).\n- tracing: Fix filter string testing (git-fixes).\n- tracing: Remove unneeded goto out logic (bsc#1249286).\n- udf: Make sure i_lenExtents is uptodate on inode eviction (git-fixes).\n- udf: Verify partition map count (git-fixes).\n- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm (git-fixes).\n- usb: hub: Fix flushing of delayed work used for post resume purposes (git-fixes).\n- usb: hub: fix detection of high tier USB3 devices behind suspended hubs (git-fixes).\n- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).\n- usb: xhci: Avoid queuing redundant Stop Endpoint commands (git-fixes).\n- usb: xhci: Limit Stop Endpoint retries (git-fixes).\n- usb: xhci: Limit Stop Endpoint retries (git-fixes).\n- usbnet: Fix using smp_processor_id() in preemptible code warnings (git-fixes).\n- usbnet: Prevents free active kevent (git-fixes).\n- wifi: ath10k: Fix memory leak on unsupported WMI command (git-fixes).\n- wifi: ath11k: Add missing platform IDs for quirk table (git-fixes).\n- wifi: ath12k: free skb during idr cleanup callback (git-fixes).\n- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (git-fixes).\n- wifi: mac80211: reset FILS discovery and unsol probe resp intervals (git-fixes).\n- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 (stable-fixes).\n- wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes).\n- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).\n- xfs: rename the old_crc variable in xlog_recover_process (git-fixes).\n- xhci: dbc: enable back DbC in resume if it was enabled before suspend (git-fixes).\n- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-204",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_21040-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:21040-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202521040-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:21040-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023394.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012628",
"url": "https://bugzilla.suse.com/1012628"
},
{
"category": "self",
"summary": "SUSE Bug 1214954",
"url": "https://bugzilla.suse.com/1214954"
},
{
"category": "self",
"summary": "SUSE Bug 1215143",
"url": "https://bugzilla.suse.com/1215143"
},
{
"category": "self",
"summary": "SUSE Bug 1215199",
"url": "https://bugzilla.suse.com/1215199"
},
{
"category": "self",
"summary": "SUSE Bug 1216396",
"url": "https://bugzilla.suse.com/1216396"
},
{
"category": "self",
"summary": "SUSE Bug 1220419",
"url": "https://bugzilla.suse.com/1220419"
},
{
"category": "self",
"summary": "SUSE Bug 1236743",
"url": "https://bugzilla.suse.com/1236743"
},
{
"category": "self",
"summary": "SUSE Bug 1239206",
"url": "https://bugzilla.suse.com/1239206"
},
{
"category": "self",
"summary": "SUSE Bug 1244939",
"url": "https://bugzilla.suse.com/1244939"
},
{
"category": "self",
"summary": "SUSE Bug 1248211",
"url": "https://bugzilla.suse.com/1248211"
},
{
"category": "self",
"summary": "SUSE Bug 1248230",
"url": "https://bugzilla.suse.com/1248230"
},
{
"category": "self",
"summary": "SUSE Bug 1248517",
"url": "https://bugzilla.suse.com/1248517"
},
{
"category": "self",
"summary": "SUSE Bug 1248630",
"url": "https://bugzilla.suse.com/1248630"
},
{
"category": "self",
"summary": "SUSE Bug 1248754",
"url": "https://bugzilla.suse.com/1248754"
},
{
"category": "self",
"summary": "SUSE Bug 1248886",
"url": "https://bugzilla.suse.com/1248886"
},
{
"category": "self",
"summary": "SUSE Bug 1249161",
"url": "https://bugzilla.suse.com/1249161"
},
{
"category": "self",
"summary": "SUSE Bug 1249182",
"url": "https://bugzilla.suse.com/1249182"
},
{
"category": "self",
"summary": "SUSE Bug 1249224",
"url": "https://bugzilla.suse.com/1249224"
},
{
"category": "self",
"summary": "SUSE Bug 1249286",
"url": "https://bugzilla.suse.com/1249286"
},
{
"category": "self",
"summary": "SUSE Bug 1249302",
"url": "https://bugzilla.suse.com/1249302"
},
{
"category": "self",
"summary": "SUSE Bug 1249317",
"url": "https://bugzilla.suse.com/1249317"
},
{
"category": "self",
"summary": "SUSE Bug 1249319",
"url": "https://bugzilla.suse.com/1249319"
},
{
"category": "self",
"summary": "SUSE Bug 1249320",
"url": "https://bugzilla.suse.com/1249320"
},
{
"category": "self",
"summary": "SUSE Bug 1249512",
"url": "https://bugzilla.suse.com/1249512"
},
{
"category": "self",
"summary": "SUSE Bug 1249595",
"url": "https://bugzilla.suse.com/1249595"
},
{
"category": "self",
"summary": "SUSE Bug 1249608",
"url": "https://bugzilla.suse.com/1249608"
},
{
"category": "self",
"summary": "SUSE Bug 1250032",
"url": "https://bugzilla.suse.com/1250032"
},
{
"category": "self",
"summary": "SUSE Bug 1250119",
"url": "https://bugzilla.suse.com/1250119"
},
{
"category": "self",
"summary": "SUSE Bug 1250202",
"url": "https://bugzilla.suse.com/1250202"
},
{
"category": "self",
"summary": "SUSE Bug 1250205",
"url": "https://bugzilla.suse.com/1250205"
},
{
"category": "self",
"summary": "SUSE Bug 1250237",
"url": "https://bugzilla.suse.com/1250237"
},
{
"category": "self",
"summary": "SUSE Bug 1250274",
"url": "https://bugzilla.suse.com/1250274"
},
{
"category": "self",
"summary": "SUSE Bug 1250296",
"url": "https://bugzilla.suse.com/1250296"
},
{
"category": "self",
"summary": "SUSE Bug 1250379",
"url": "https://bugzilla.suse.com/1250379"
},
{
"category": "self",
"summary": "SUSE Bug 1250400",
"url": "https://bugzilla.suse.com/1250400"
},
{
"category": "self",
"summary": "SUSE Bug 1250455",
"url": "https://bugzilla.suse.com/1250455"
},
{
"category": "self",
"summary": "SUSE Bug 1250491",
"url": "https://bugzilla.suse.com/1250491"
},
{
"category": "self",
"summary": "SUSE Bug 1250519",
"url": "https://bugzilla.suse.com/1250519"
},
{
"category": "self",
"summary": "SUSE Bug 1250650",
"url": "https://bugzilla.suse.com/1250650"
},
{
"category": "self",
"summary": "SUSE Bug 1250702",
"url": "https://bugzilla.suse.com/1250702"
},
{
"category": "self",
"summary": "SUSE Bug 1250704",
"url": "https://bugzilla.suse.com/1250704"
},
{
"category": "self",
"summary": "SUSE Bug 1250721",
"url": "https://bugzilla.suse.com/1250721"
},
{
"category": "self",
"summary": "SUSE Bug 1250742",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "self",
"summary": "SUSE Bug 1250946",
"url": "https://bugzilla.suse.com/1250946"
},
{
"category": "self",
"summary": "SUSE Bug 1251024",
"url": "https://bugzilla.suse.com/1251024"
},
{
"category": "self",
"summary": "SUSE Bug 1251027",
"url": "https://bugzilla.suse.com/1251027"
},
{
"category": "self",
"summary": "SUSE Bug 1251028",
"url": "https://bugzilla.suse.com/1251028"
},
{
"category": "self",
"summary": "SUSE Bug 1251031",
"url": "https://bugzilla.suse.com/1251031"
},
{
"category": "self",
"summary": "SUSE Bug 1251035",
"url": "https://bugzilla.suse.com/1251035"
},
{
"category": "self",
"summary": "SUSE Bug 1251038",
"url": "https://bugzilla.suse.com/1251038"
},
{
"category": "self",
"summary": "SUSE Bug 1251043",
"url": "https://bugzilla.suse.com/1251043"
},
{
"category": "self",
"summary": "SUSE Bug 1251045",
"url": "https://bugzilla.suse.com/1251045"
},
{
"category": "self",
"summary": "SUSE Bug 1251052",
"url": "https://bugzilla.suse.com/1251052"
},
{
"category": "self",
"summary": "SUSE Bug 1251053",
"url": "https://bugzilla.suse.com/1251053"
},
{
"category": "self",
"summary": "SUSE Bug 1251054",
"url": "https://bugzilla.suse.com/1251054"
},
{
"category": "self",
"summary": "SUSE Bug 1251056",
"url": "https://bugzilla.suse.com/1251056"
},
{
"category": "self",
"summary": "SUSE Bug 1251057",
"url": "https://bugzilla.suse.com/1251057"
},
{
"category": "self",
"summary": "SUSE Bug 1251059",
"url": "https://bugzilla.suse.com/1251059"
},
{
"category": "self",
"summary": "SUSE Bug 1251060",
"url": "https://bugzilla.suse.com/1251060"
},
{
"category": "self",
"summary": "SUSE Bug 1251065",
"url": "https://bugzilla.suse.com/1251065"
},
{
"category": "self",
"summary": "SUSE Bug 1251066",
"url": "https://bugzilla.suse.com/1251066"
},
{
"category": "self",
"summary": "SUSE Bug 1251067",
"url": "https://bugzilla.suse.com/1251067"
},
{
"category": "self",
"summary": "SUSE Bug 1251068",
"url": "https://bugzilla.suse.com/1251068"
},
{
"category": "self",
"summary": "SUSE Bug 1251071",
"url": "https://bugzilla.suse.com/1251071"
},
{
"category": "self",
"summary": "SUSE Bug 1251076",
"url": "https://bugzilla.suse.com/1251076"
},
{
"category": "self",
"summary": "SUSE Bug 1251079",
"url": "https://bugzilla.suse.com/1251079"
},
{
"category": "self",
"summary": "SUSE Bug 1251081",
"url": "https://bugzilla.suse.com/1251081"
},
{
"category": "self",
"summary": "SUSE Bug 1251083",
"url": "https://bugzilla.suse.com/1251083"
},
{
"category": "self",
"summary": "SUSE Bug 1251084",
"url": "https://bugzilla.suse.com/1251084"
},
{
"category": "self",
"summary": "SUSE Bug 1251100",
"url": "https://bugzilla.suse.com/1251100"
},
{
"category": "self",
"summary": "SUSE Bug 1251105",
"url": "https://bugzilla.suse.com/1251105"
},
{
"category": "self",
"summary": "SUSE Bug 1251106",
"url": "https://bugzilla.suse.com/1251106"
},
{
"category": "self",
"summary": "SUSE Bug 1251108",
"url": "https://bugzilla.suse.com/1251108"
},
{
"category": "self",
"summary": "SUSE Bug 1251113",
"url": "https://bugzilla.suse.com/1251113"
},
{
"category": "self",
"summary": "SUSE Bug 1251114",
"url": "https://bugzilla.suse.com/1251114"
},
{
"category": "self",
"summary": "SUSE Bug 1251119",
"url": "https://bugzilla.suse.com/1251119"
},
{
"category": "self",
"summary": "SUSE Bug 1251123",
"url": "https://bugzilla.suse.com/1251123"
},
{
"category": "self",
"summary": "SUSE Bug 1251126",
"url": "https://bugzilla.suse.com/1251126"
},
{
"category": "self",
"summary": "SUSE Bug 1251132",
"url": "https://bugzilla.suse.com/1251132"
},
{
"category": "self",
"summary": "SUSE Bug 1251134",
"url": "https://bugzilla.suse.com/1251134"
},
{
"category": "self",
"summary": "SUSE Bug 1251143",
"url": "https://bugzilla.suse.com/1251143"
},
{
"category": "self",
"summary": "SUSE Bug 1251146",
"url": "https://bugzilla.suse.com/1251146"
},
{
"category": "self",
"summary": "SUSE Bug 1251150",
"url": "https://bugzilla.suse.com/1251150"
},
{
"category": "self",
"summary": "SUSE Bug 1251152",
"url": "https://bugzilla.suse.com/1251152"
},
{
"category": "self",
"summary": "SUSE Bug 1251153",
"url": "https://bugzilla.suse.com/1251153"
},
{
"category": "self",
"summary": "SUSE Bug 1251159",
"url": "https://bugzilla.suse.com/1251159"
},
{
"category": "self",
"summary": "SUSE Bug 1251161",
"url": "https://bugzilla.suse.com/1251161"
},
{
"category": "self",
"summary": "SUSE Bug 1251170",
"url": "https://bugzilla.suse.com/1251170"
},
{
"category": "self",
"summary": "SUSE Bug 1251177",
"url": "https://bugzilla.suse.com/1251177"
},
{
"category": "self",
"summary": "SUSE Bug 1251180",
"url": "https://bugzilla.suse.com/1251180"
},
{
"category": "self",
"summary": "SUSE Bug 1251206",
"url": "https://bugzilla.suse.com/1251206"
},
{
"category": "self",
"summary": "SUSE Bug 1251215",
"url": "https://bugzilla.suse.com/1251215"
},
{
"category": "self",
"summary": "SUSE Bug 1251216",
"url": "https://bugzilla.suse.com/1251216"
},
{
"category": "self",
"summary": "SUSE Bug 1251222",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "self",
"summary": "SUSE Bug 1251230",
"url": "https://bugzilla.suse.com/1251230"
},
{
"category": "self",
"summary": "SUSE Bug 1251232",
"url": "https://bugzilla.suse.com/1251232"
},
{
"category": "self",
"summary": "SUSE Bug 1251233",
"url": "https://bugzilla.suse.com/1251233"
},
{
"category": "self",
"summary": "SUSE Bug 1251247",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "self",
"summary": "SUSE Bug 1251268",
"url": "https://bugzilla.suse.com/1251268"
},
{
"category": "self",
"summary": "SUSE Bug 1251269",
"url": "https://bugzilla.suse.com/1251269"
},
{
"category": "self",
"summary": "SUSE Bug 1251270",
"url": "https://bugzilla.suse.com/1251270"
},
{
"category": "self",
"summary": "SUSE Bug 1251282",
"url": "https://bugzilla.suse.com/1251282"
},
{
"category": "self",
"summary": "SUSE Bug 1251283",
"url": "https://bugzilla.suse.com/1251283"
},
{
"category": "self",
"summary": "SUSE Bug 1251286",
"url": "https://bugzilla.suse.com/1251286"
},
{
"category": "self",
"summary": "SUSE Bug 1251290",
"url": "https://bugzilla.suse.com/1251290"
},
{
"category": "self",
"summary": "SUSE Bug 1251319",
"url": "https://bugzilla.suse.com/1251319"
},
{
"category": "self",
"summary": "SUSE Bug 1251321",
"url": "https://bugzilla.suse.com/1251321"
},
{
"category": "self",
"summary": "SUSE Bug 1251323",
"url": "https://bugzilla.suse.com/1251323"
},
{
"category": "self",
"summary": "SUSE Bug 1251328",
"url": "https://bugzilla.suse.com/1251328"
},
{
"category": "self",
"summary": "SUSE Bug 1251529",
"url": "https://bugzilla.suse.com/1251529"
},
{
"category": "self",
"summary": "SUSE Bug 1251721",
"url": "https://bugzilla.suse.com/1251721"
},
{
"category": "self",
"summary": "SUSE Bug 1251732",
"url": "https://bugzilla.suse.com/1251732"
},
{
"category": "self",
"summary": "SUSE Bug 1251742",
"url": "https://bugzilla.suse.com/1251742"
},
{
"category": "self",
"summary": "SUSE Bug 1251743",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "self",
"summary": "SUSE Bug 1251746",
"url": "https://bugzilla.suse.com/1251746"
},
{
"category": "self",
"summary": "SUSE Bug 1251748",
"url": "https://bugzilla.suse.com/1251748"
},
{
"category": "self",
"summary": "SUSE Bug 1251749",
"url": "https://bugzilla.suse.com/1251749"
},
{
"category": "self",
"summary": "SUSE Bug 1251750",
"url": "https://bugzilla.suse.com/1251750"
},
{
"category": "self",
"summary": "SUSE Bug 1251754",
"url": "https://bugzilla.suse.com/1251754"
},
{
"category": "self",
"summary": "SUSE Bug 1251755",
"url": "https://bugzilla.suse.com/1251755"
},
{
"category": "self",
"summary": "SUSE Bug 1251756",
"url": "https://bugzilla.suse.com/1251756"
},
{
"category": "self",
"summary": "SUSE Bug 1251758",
"url": "https://bugzilla.suse.com/1251758"
},
{
"category": "self",
"summary": "SUSE Bug 1251759",
"url": "https://bugzilla.suse.com/1251759"
},
{
"category": "self",
"summary": "SUSE Bug 1251760",
"url": "https://bugzilla.suse.com/1251760"
},
{
"category": "self",
"summary": "SUSE Bug 1251762",
"url": "https://bugzilla.suse.com/1251762"
},
{
"category": "self",
"summary": "SUSE Bug 1251763",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "self",
"summary": "SUSE Bug 1251764",
"url": "https://bugzilla.suse.com/1251764"
},
{
"category": "self",
"summary": "SUSE Bug 1251769",
"url": "https://bugzilla.suse.com/1251769"
},
{
"category": "self",
"summary": "SUSE Bug 1251771",
"url": "https://bugzilla.suse.com/1251771"
},
{
"category": "self",
"summary": "SUSE Bug 1251772",
"url": "https://bugzilla.suse.com/1251772"
},
{
"category": "self",
"summary": "SUSE Bug 1251777",
"url": "https://bugzilla.suse.com/1251777"
},
{
"category": "self",
"summary": "SUSE Bug 1251780",
"url": "https://bugzilla.suse.com/1251780"
},
{
"category": "self",
"summary": "SUSE Bug 1251804",
"url": "https://bugzilla.suse.com/1251804"
},
{
"category": "self",
"summary": "SUSE Bug 1251810",
"url": "https://bugzilla.suse.com/1251810"
},
{
"category": "self",
"summary": "SUSE Bug 1251930",
"url": "https://bugzilla.suse.com/1251930"
},
{
"category": "self",
"summary": "SUSE Bug 1251967",
"url": "https://bugzilla.suse.com/1251967"
},
{
"category": "self",
"summary": "SUSE Bug 1252033",
"url": "https://bugzilla.suse.com/1252033"
},
{
"category": "self",
"summary": "SUSE Bug 1252035",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "self",
"summary": "SUSE Bug 1252039",
"url": "https://bugzilla.suse.com/1252039"
},
{
"category": "self",
"summary": "SUSE Bug 1252044",
"url": "https://bugzilla.suse.com/1252044"
},
{
"category": "self",
"summary": "SUSE Bug 1252047",
"url": "https://bugzilla.suse.com/1252047"
},
{
"category": "self",
"summary": "SUSE Bug 1252051",
"url": "https://bugzilla.suse.com/1252051"
},
{
"category": "self",
"summary": "SUSE Bug 1252052",
"url": "https://bugzilla.suse.com/1252052"
},
{
"category": "self",
"summary": "SUSE Bug 1252056",
"url": "https://bugzilla.suse.com/1252056"
},
{
"category": "self",
"summary": "SUSE Bug 1252060",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "self",
"summary": "SUSE Bug 1252062",
"url": "https://bugzilla.suse.com/1252062"
},
{
"category": "self",
"summary": "SUSE Bug 1252064",
"url": "https://bugzilla.suse.com/1252064"
},
{
"category": "self",
"summary": "SUSE Bug 1252065",
"url": "https://bugzilla.suse.com/1252065"
},
{
"category": "self",
"summary": "SUSE Bug 1252069",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "self",
"summary": "SUSE Bug 1252070",
"url": "https://bugzilla.suse.com/1252070"
},
{
"category": "self",
"summary": "SUSE Bug 1252072",
"url": "https://bugzilla.suse.com/1252072"
},
{
"category": "self",
"summary": "SUSE Bug 1252074",
"url": "https://bugzilla.suse.com/1252074"
},
{
"category": "self",
"summary": "SUSE Bug 1252075",
"url": "https://bugzilla.suse.com/1252075"
},
{
"category": "self",
"summary": "SUSE Bug 1252078",
"url": "https://bugzilla.suse.com/1252078"
},
{
"category": "self",
"summary": "SUSE Bug 1252079",
"url": "https://bugzilla.suse.com/1252079"
},
{
"category": "self",
"summary": "SUSE Bug 1252082",
"url": "https://bugzilla.suse.com/1252082"
},
{
"category": "self",
"summary": "SUSE Bug 1252083",
"url": "https://bugzilla.suse.com/1252083"
},
{
"category": "self",
"summary": "SUSE Bug 1252265",
"url": "https://bugzilla.suse.com/1252265"
},
{
"category": "self",
"summary": "SUSE Bug 1252269",
"url": "https://bugzilla.suse.com/1252269"
},
{
"category": "self",
"summary": "SUSE Bug 1252332",
"url": "https://bugzilla.suse.com/1252332"
},
{
"category": "self",
"summary": "SUSE Bug 1252336",
"url": "https://bugzilla.suse.com/1252336"
},
{
"category": "self",
"summary": "SUSE Bug 1252346",
"url": "https://bugzilla.suse.com/1252346"
},
{
"category": "self",
"summary": "SUSE Bug 1252348",
"url": "https://bugzilla.suse.com/1252348"
},
{
"category": "self",
"summary": "SUSE Bug 1252349",
"url": "https://bugzilla.suse.com/1252349"
},
{
"category": "self",
"summary": "SUSE Bug 1252364",
"url": "https://bugzilla.suse.com/1252364"
},
{
"category": "self",
"summary": "SUSE Bug 1252479",
"url": "https://bugzilla.suse.com/1252479"
},
{
"category": "self",
"summary": "SUSE Bug 1252481",
"url": "https://bugzilla.suse.com/1252481"
},
{
"category": "self",
"summary": "SUSE Bug 1252489",
"url": "https://bugzilla.suse.com/1252489"
},
{
"category": "self",
"summary": "SUSE Bug 1252490",
"url": "https://bugzilla.suse.com/1252490"
},
{
"category": "self",
"summary": "SUSE Bug 1252492",
"url": "https://bugzilla.suse.com/1252492"
},
{
"category": "self",
"summary": "SUSE Bug 1252495",
"url": "https://bugzilla.suse.com/1252495"
},
{
"category": "self",
"summary": "SUSE Bug 1252496",
"url": "https://bugzilla.suse.com/1252496"
},
{
"category": "self",
"summary": "SUSE Bug 1252499",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "self",
"summary": "SUSE Bug 1252534",
"url": "https://bugzilla.suse.com/1252534"
},
{
"category": "self",
"summary": "SUSE Bug 1252536",
"url": "https://bugzilla.suse.com/1252536"
},
{
"category": "self",
"summary": "SUSE Bug 1252537",
"url": "https://bugzilla.suse.com/1252537"
},
{
"category": "self",
"summary": "SUSE Bug 1252550",
"url": "https://bugzilla.suse.com/1252550"
},
{
"category": "self",
"summary": "SUSE Bug 1252553",
"url": "https://bugzilla.suse.com/1252553"
},
{
"category": "self",
"summary": "SUSE Bug 1252559",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "self",
"summary": "SUSE Bug 1252561",
"url": "https://bugzilla.suse.com/1252561"
},
{
"category": "self",
"summary": "SUSE Bug 1252564",
"url": "https://bugzilla.suse.com/1252564"
},
{
"category": "self",
"summary": "SUSE Bug 1252565",
"url": "https://bugzilla.suse.com/1252565"
},
{
"category": "self",
"summary": "SUSE Bug 1252566",
"url": "https://bugzilla.suse.com/1252566"
},
{
"category": "self",
"summary": "SUSE Bug 1252632",
"url": "https://bugzilla.suse.com/1252632"
},
{
"category": "self",
"summary": "SUSE Bug 1252668",
"url": "https://bugzilla.suse.com/1252668"
},
{
"category": "self",
"summary": "SUSE Bug 1252678",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "self",
"summary": "SUSE Bug 1252679",
"url": "https://bugzilla.suse.com/1252679"
},
{
"category": "self",
"summary": "SUSE Bug 1252685",
"url": "https://bugzilla.suse.com/1252685"
},
{
"category": "self",
"summary": "SUSE Bug 1252688",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "self",
"summary": "SUSE Bug 1252772",
"url": "https://bugzilla.suse.com/1252772"
},
{
"category": "self",
"summary": "SUSE Bug 1252774",
"url": "https://bugzilla.suse.com/1252774"
},
{
"category": "self",
"summary": "SUSE Bug 1252775",
"url": "https://bugzilla.suse.com/1252775"
},
{
"category": "self",
"summary": "SUSE Bug 1252785",
"url": "https://bugzilla.suse.com/1252785"
},
{
"category": "self",
"summary": "SUSE Bug 1252787",
"url": "https://bugzilla.suse.com/1252787"
},
{
"category": "self",
"summary": "SUSE Bug 1252789",
"url": "https://bugzilla.suse.com/1252789"
},
{
"category": "self",
"summary": "SUSE Bug 1252797",
"url": "https://bugzilla.suse.com/1252797"
},
{
"category": "self",
"summary": "SUSE Bug 1252822",
"url": "https://bugzilla.suse.com/1252822"
},
{
"category": "self",
"summary": "SUSE Bug 1252826",
"url": "https://bugzilla.suse.com/1252826"
},
{
"category": "self",
"summary": "SUSE Bug 1252841",
"url": "https://bugzilla.suse.com/1252841"
},
{
"category": "self",
"summary": "SUSE Bug 1252848",
"url": "https://bugzilla.suse.com/1252848"
},
{
"category": "self",
"summary": "SUSE Bug 1252849",
"url": "https://bugzilla.suse.com/1252849"
},
{
"category": "self",
"summary": "SUSE Bug 1252850",
"url": "https://bugzilla.suse.com/1252850"
},
{
"category": "self",
"summary": "SUSE Bug 1252851",
"url": "https://bugzilla.suse.com/1252851"
},
{
"category": "self",
"summary": "SUSE Bug 1252854",
"url": "https://bugzilla.suse.com/1252854"
},
{
"category": "self",
"summary": "SUSE Bug 1252858",
"url": "https://bugzilla.suse.com/1252858"
},
{
"category": "self",
"summary": "SUSE Bug 1252865",
"url": "https://bugzilla.suse.com/1252865"
},
{
"category": "self",
"summary": "SUSE Bug 1252866",
"url": "https://bugzilla.suse.com/1252866"
},
{
"category": "self",
"summary": "SUSE Bug 1252873",
"url": "https://bugzilla.suse.com/1252873"
},
{
"category": "self",
"summary": "SUSE Bug 1252902",
"url": "https://bugzilla.suse.com/1252902"
},
{
"category": "self",
"summary": "SUSE Bug 1252904",
"url": "https://bugzilla.suse.com/1252904"
},
{
"category": "self",
"summary": "SUSE Bug 1252909",
"url": "https://bugzilla.suse.com/1252909"
},
{
"category": "self",
"summary": "SUSE Bug 1252918",
"url": "https://bugzilla.suse.com/1252918"
},
{
"category": "self",
"summary": "SUSE Bug 1252939",
"url": "https://bugzilla.suse.com/1252939"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53538 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53538/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53539 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53540 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53540/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53541 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53543 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53543/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53545 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53546 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53546/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53548 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53548/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53550 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53550/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53552 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53553 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53553/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53554 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53555 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53555/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53556 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53556/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53557 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53557/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53558 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53560 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53563 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53563/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53568 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53568/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53570 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53572 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53574 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53575 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53577 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53579 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53580 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53581 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53583 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53585 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53588 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53596 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53599 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53600 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53601 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53602 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53603 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53611 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53613 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53615 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53616 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53617 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53618 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53619 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53621 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53622 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53631 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53632 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53633 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53638 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53645 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53646 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53647 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53648 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53649 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53650 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53652 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53653 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53654 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53654/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53656 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53657 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53658 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53658/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53659 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53659/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53660 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53662 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53662/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53663 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53663/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53665 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53665/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53666 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53668 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53670 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53670/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53672 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53672/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53673 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53674 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53681 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53686 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53687 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53687/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53693 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53697 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53698 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53699 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53703 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53704 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53707 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53707/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53708 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53711 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53711/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53713 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53718 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53727 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53728 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53729 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53730 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53731 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53733 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38539 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38552 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38552/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38653 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38699 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38700 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39676 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39683 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39697 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39812 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39813 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39841 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39851 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39866 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39876 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39895 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39895/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39898 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39902 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39931 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39934 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39937 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39945 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39946 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39952 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39955 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39957 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39957/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39965 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39965/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39967 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39967/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39968 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39969 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39970 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39970/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39972 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39973 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39978 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39981 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39982 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39985 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39986 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39987 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39988 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39988/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39991 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39991/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39993 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39994 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39994/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39995 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40005 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40010 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40016 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40018 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40019 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40020 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40029 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40035 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40036 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40043 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40044 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40049 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40051 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40052 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40061 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40062 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40078 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40080 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40082 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40087 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40088 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40096 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40100 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40100/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2025-11-13T15:32:12Z",
"generator": {
"date": "2025-11-13T15:32:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:21040-1",
"initial_release_date": "2025-11-13T15:32:12Z",
"revision_history": [
{
"date": "2025-11-13T15:32:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-36.1.aarch64",
"product_id": "kernel-default-6.4.0-36.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-36.1.21.13.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-36.1.21.13.aarch64",
"product_id": "kernel-default-base-6.4.0-36.1.21.13.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-36.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-36.1.noarch",
"product_id": "kernel-devel-6.4.0-36.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-36.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-36.1.noarch",
"product_id": "kernel-macros-6.4.0-36.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-36.1.noarch",
"product": {
"name": "kernel-source-6.4.0-36.1.noarch",
"product_id": "kernel-source-6.4.0-36.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.s390x",
"product": {
"name": "kernel-default-6.4.0-36.1.s390x",
"product_id": "kernel-default-6.4.0-36.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-36.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-36.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-36.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-36.1.x86_64",
"product_id": "kernel-default-6.4.0-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-36.1.21.13.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-36.1.21.13.x86_64",
"product_id": "kernel-default-base-6.4.0-36.1.21.13.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-36.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-36.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-36.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-36.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-36.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-36.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x"
},
"product_reference": "kernel-default-6.4.0-36.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-36.1.21.13.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-36.1.21.13.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-36.1.21.13.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-36.1.21.13.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-36.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-36.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-36.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-36.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-36.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-36.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-36.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-36.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-36.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
},
"product_reference": "kernel-source-6.4.0-36.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53538",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53538"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: insert tree mod log move in push_node_left\n\nThere is a fairly unlikely race condition in tree mod log rewind that\ncan result in a kernel panic which has the following trace:\n\n [530.569] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.585] BTRFS critical (device sda3): unable to find logical 0 length 4096\n [530.602] BUG: kernel NULL pointer dereference, address: 0000000000000002\n [530.618] #PF: supervisor read access in kernel mode\n [530.629] #PF: error_code(0x0000) - not-present page\n [530.641] PGD 0 P4D 0\n [530.647] Oops: 0000 [#1] SMP\n [530.654] CPU: 30 PID: 398973 Comm: below Kdump: loaded Tainted: G S O K 5.12.0-0_fbk13_clang_7455_gb24de3bdb045 #1\n [530.680] Hardware name: Quanta Mono Lake-M.2 SATA 1HY9U9Z001G/Mono Lake-M.2 SATA, BIOS F20_3A15 08/16/2017\n [530.703] RIP: 0010:__btrfs_map_block+0xaa/0xd00\n [530.755] RSP: 0018:ffffc9002c2f7600 EFLAGS: 00010246\n [530.767] RAX: ffffffffffffffea RBX: ffff888292e41000 RCX: f2702d8b8be15100\n [530.784] RDX: ffff88885fda6fb8 RSI: ffff88885fd973c8 RDI: ffff88885fd973c8\n [530.800] RBP: ffff888292e410d0 R08: ffffffff82fd7fd0 R09: 00000000fffeffff\n [530.816] R10: ffffffff82e57fd0 R11: ffffffff82e57d70 R12: 0000000000000000\n [530.832] R13: 0000000000001000 R14: 0000000000001000 R15: ffffc9002c2f76f0\n [530.848] FS: 00007f38d64af000(0000) GS:ffff88885fd80000(0000) knlGS:0000000000000000\n [530.866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [530.880] CR2: 0000000000000002 CR3: 00000002b6770004 CR4: 00000000003706e0\n [530.896] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [530.912] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [530.928] Call Trace:\n [530.934] ? btrfs_printk+0x13b/0x18c\n [530.943] ? btrfs_bio_counter_inc_blocked+0x3d/0x130\n [530.955] btrfs_map_bio+0x75/0x330\n [530.963] ? kmem_cache_alloc+0x12a/0x2d0\n [530.973] ? btrfs_submit_metadata_bio+0x63/0x100\n [530.984] btrfs_submit_metadata_bio+0xa4/0x100\n [530.995] submit_extent_page+0x30f/0x360\n [531.004] read_extent_buffer_pages+0x49e/0x6d0\n [531.015] ? submit_extent_page+0x360/0x360\n [531.025] btree_read_extent_buffer_pages+0x5f/0x150\n [531.037] read_tree_block+0x37/0x60\n [531.046] read_block_for_search+0x18b/0x410\n [531.056] btrfs_search_old_slot+0x198/0x2f0\n [531.066] resolve_indirect_ref+0xfe/0x6f0\n [531.076] ? ulist_alloc+0x31/0x60\n [531.084] ? kmem_cache_alloc_trace+0x12e/0x2b0\n [531.095] find_parent_nodes+0x720/0x1830\n [531.105] ? ulist_alloc+0x10/0x60\n [531.113] iterate_extent_inodes+0xea/0x370\n [531.123] ? btrfs_previous_extent_item+0x8f/0x110\n [531.134] ? btrfs_search_path_in_tree+0x240/0x240\n [531.146] iterate_inodes_from_logical+0x98/0xd0\n [531.157] ? btrfs_search_path_in_tree+0x240/0x240\n [531.168] btrfs_ioctl_logical_to_ino+0xd9/0x180\n [531.179] btrfs_ioctl+0xe2/0x2eb0\n\nThis occurs when logical inode resolution takes a tree mod log sequence\nnumber, and then while backref walking hits a rewind on a busy node\nwhich has the following sequence of tree mod log operations (numbers\nfilled in from a specific example, but they are somewhat arbitrary)\n\n REMOVE_WHILE_FREEING slot 532\n REMOVE_WHILE_FREEING slot 531\n REMOVE_WHILE_FREEING slot 530\n ...\n REMOVE_WHILE_FREEING slot 0\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n ADD slot 455\n ADD slot 454\n ADD slot 453\n ...\n ADD slot 0\n MOVE src slot 0 -\u003e dst slot 456 nritems 533\n REMOVE slot 455\n REMOVE slot 454\n REMOVE slot 453\n ...\n REMOVE slot 0\n\nWhen this sequence gets applied via btrfs_tree_mod_log_rewind, it\nallocates a fresh rewind eb, and first inserts the correct key info for\nthe 533 elements, then overwrites the first 456 of them, then decrements\nthe count by 456 via the add ops, then rewinds the move by doing a\nmemmove from 456:988-\u003e0:532. We have never written anything past 532,\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53538",
"url": "https://www.suse.com/security/cve/CVE-2023-53538"
},
{
"category": "external",
"summary": "SUSE Bug 1251024 for CVE-2023-53538",
"url": "https://bugzilla.suse.com/1251024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53538"
},
{
"cve": "CVE-2023-53539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix incomplete state save in rxe_requester\n\nIf a send packet is dropped by the IP layer in rxe_requester()\nthe call to rxe_xmit_packet() can fail with err == -EAGAIN.\nTo recover, the state of the wqe is restored to the state before\nthe packet was sent so it can be resent. However, the routines\nthat save and restore the state miss a significnt part of the\nvariable state in the wqe, the dma struct which is used to process\nthrough the sge table. And, the state is not saved before the packet\nis built which modifies the dma struct.\n\nUnder heavy stress testing with many QPs on a fast node sending\nlarge messages to a slow node dropped packets are observed and\nthe resent packets are corrupted because the dma struct was not\nrestored. This patch fixes this behavior and allows the test cases\nto succeed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53539",
"url": "https://www.suse.com/security/cve/CVE-2023-53539"
},
{
"category": "external",
"summary": "SUSE Bug 1251060 for CVE-2023-53539",
"url": "https://bugzilla.suse.com/1251060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53539"
},
{
"cve": "CVE-2023-53540",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53540"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: reject auth/assoc to AP with our address\n\nIf the AP uses our own address as its MLD address or BSSID, then\nclearly something\u0027s wrong. Reject such connections so we don\u0027t\ntry and fail later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53540",
"url": "https://www.suse.com/security/cve/CVE-2023-53540"
},
{
"category": "external",
"summary": "SUSE Bug 1251053 for CVE-2023-53540",
"url": "https://bugzilla.suse.com/1251053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53540"
},
{
"cve": "CVE-2023-53541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53541"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write\n\nWhen the oob buffer length is not in multiple of words, the oob write\nfunction does out-of-bounds read on the oob source buffer at the last\niteration. Fix that by always checking length limit on the oob buffer\nread and fill with 0xff when reaching the end of the buffer to the oob\nregisters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53541",
"url": "https://www.suse.com/security/cve/CVE-2023-53541"
},
{
"category": "external",
"summary": "SUSE Bug 1251043 for CVE-2023-53541",
"url": "https://bugzilla.suse.com/1251043"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53541"
},
{
"cve": "CVE-2023-53543",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53543"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa max vqp attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53543",
"url": "https://www.suse.com/security/cve/CVE-2023-53543"
},
{
"category": "external",
"summary": "SUSE Bug 1251083 for CVE-2023-53543",
"url": "https://bugzilla.suse.com/1251083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53543"
},
{
"cve": "CVE-2023-53545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv-\u003ecsa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097] \u003cTASK\u003e\n[14616.937102] amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187] drm_file_free+0x1d6/0x300 [drm]\n[14616.937207] drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220] drm_release+0x5e/0x100 [drm]\n[14616.937234] __fput+0x9f/0x280\n[14616.937239] ____fput+0xe/0x20\n[14616.937241] task_work_run+0x61/0x90\n[14616.937246] exit_to_user_mode_prepare+0x215/0x220\n[14616.937251] syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254] do_syscall_64+0x48/0x90\n[14616.937257] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53545",
"url": "https://www.suse.com/security/cve/CVE-2023-53545"
},
{
"category": "external",
"summary": "SUSE Bug 1251084 for CVE-2023-53545",
"url": "https://bugzilla.suse.com/1251084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53545"
},
{
"cve": "CVE-2023-53546",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53546"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx\n\nwhen mlx5_cmd_exec failed in mlx5dr_cmd_create_reformat_ctx, the memory\npointed by \u0027in\u0027 is not released, which will cause memory leak. Move memory\nrelease after mlx5_cmd_exec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53546",
"url": "https://www.suse.com/security/cve/CVE-2023-53546"
},
{
"category": "external",
"summary": "SUSE Bug 1251079 for CVE-2023-53546",
"url": "https://bugzilla.suse.com/1251079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53546"
},
{
"cve": "CVE-2023-53548",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53548"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb \u003c0f\u003e 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53548",
"url": "https://www.suse.com/security/cve/CVE-2023-53548"
},
{
"category": "external",
"summary": "SUSE Bug 1251066 for CVE-2023-53548",
"url": "https://bugzilla.suse.com/1251066"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53548"
},
{
"cve": "CVE-2023-53550",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53550"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate: fix global sysfs attribute type\n\nIn commit 3666062b87ec (\"cpufreq: amd-pstate: move to use bus_get_dev_root()\")\nthe \"amd_pstate\" attributes where moved from a dedicated kobject to the\ncpu root kobject.\n\nWhile the dedicated kobject expects to contain kobj_attributes the root\nkobject needs device_attributes.\n\nAs the changed arguments are not used by the callbacks it works most of\nthe time.\nHowever CFI will detect this issue:\n\n[ 4947.849350] CFI failure at dev_attr_show+0x24/0x60 (target: show_status+0x0/0x70; expected type: 0x8651b1de)\n...\n[ 4947.849409] Call Trace:\n[ 4947.849410] \u003cTASK\u003e\n[ 4947.849411] ? __warn+0xcf/0x1c0\n[ 4947.849414] ? dev_attr_show+0x24/0x60\n[ 4947.849415] ? report_cfi_failure+0x4e/0x60\n[ 4947.849417] ? handle_cfi_failure+0x14c/0x1d0\n[ 4947.849419] ? __cfi_show_status+0x10/0x10\n[ 4947.849420] ? handle_bug+0x4f/0x90\n[ 4947.849421] ? exc_invalid_op+0x1a/0x60\n[ 4947.849422] ? asm_exc_invalid_op+0x1a/0x20\n[ 4947.849424] ? __cfi_show_status+0x10/0x10\n[ 4947.849425] ? dev_attr_show+0x24/0x60\n[ 4947.849426] sysfs_kf_seq_show+0xa6/0x110\n[ 4947.849433] seq_read_iter+0x16c/0x4b0\n[ 4947.849436] vfs_read+0x272/0x2d0\n[ 4947.849438] ksys_read+0x72/0xe0\n[ 4947.849439] do_syscall_64+0x76/0xb0\n[ 4947.849440] ? do_user_addr_fault+0x252/0x650\n[ 4947.849442] ? exc_page_fault+0x7a/0x1b0\n[ 4947.849443] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53550",
"url": "https://www.suse.com/security/cve/CVE-2023-53550"
},
{
"category": "external",
"summary": "SUSE Bug 1251071 for CVE-2023-53550",
"url": "https://bugzilla.suse.com/1251071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53550"
},
{
"cve": "CVE-2023-53552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: mark requests for GuC virtual engines to avoid use-after-free\n\nReferences to i915_requests may be trapped by userspace inside a\nsync_file or dmabuf (dma-resv) and held indefinitely across different\nproceses. To counter-act the memory leaks, we try to not to keep\nreferences from the request past their completion.\nOn the other side on fence release we need to know if rq-\u003eengine\nis valid and points to hw engine (true for non-virtual requests).\nTo make it possible extra bit has been added to rq-\u003eexecution_mask,\nfor marking virtual engines.\n\n(cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53552",
"url": "https://www.suse.com/security/cve/CVE-2023-53552"
},
{
"category": "external",
"summary": "SUSE Bug 1251065 for CVE-2023-53552",
"url": "https://bugzilla.suse.com/1251065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53552"
},
{
"cve": "CVE-2023-53553",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53553"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hyperv: avoid struct memcpy overrun warning\n\nA previous patch addressed the fortified memcpy warning for most\nbuilds, but I still see this one with gcc-9:\n\nIn file included from include/linux/string.h:254,\n from drivers/hid/hid-hyperv.c:8:\nIn function \u0027fortify_memcpy_chk\u0027,\n inlined from \u0027mousevsc_on_receive\u0027 at drivers/hid/hid-hyperv.c:272:3:\ninclude/linux/fortify-string.h:583:4: error: call to \u0027__write_overflow_field\u0027 declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning]\n 583 | __write_overflow_field(p_size_field, size);\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMy guess is that the WARN_ON() itself is what confuses gcc, so it no\nlonger sees that there is a correct range check. Rework the code in a\nway that helps readability and avoids the warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53553",
"url": "https://www.suse.com/security/cve/CVE-2023-53553"
},
{
"category": "external",
"summary": "SUSE Bug 1251068 for CVE-2023-53553",
"url": "https://bugzilla.suse.com/1251068"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53553"
},
{
"cve": "CVE-2023-53554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()\n\nThe \"exc-\u003ekey_len\" is a u16 that comes from the user. If it\u0027s over\nIW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53554",
"url": "https://www.suse.com/security/cve/CVE-2023-53554"
},
{
"category": "external",
"summary": "SUSE Bug 1251057 for CVE-2023-53554",
"url": "https://bugzilla.suse.com/1251057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53554"
},
{
"cve": "CVE-2023-53555",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53555"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: initialize damo_filter-\u003elist from damos_new_filter()\n\ndamos_new_filter() is not initializing the list field of newly allocated\nfilter object. However, DAMON sysfs interface and DAMON_RECLAIM are not\ninitializing it after calling damos_new_filter(). As a result, accessing\nuninitialized memory is possible. Actually, adding multiple DAMOS filters\nvia DAMON sysfs interface caused NULL pointer dereferencing. Initialize\nthe field just after the allocation from damos_new_filter().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53555",
"url": "https://www.suse.com/security/cve/CVE-2023-53555"
},
{
"category": "external",
"summary": "SUSE Bug 1251056 for CVE-2023-53555",
"url": "https://bugzilla.suse.com/1251056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53555"
},
{
"cve": "CVE-2023-53556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53556"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix use-after-free in free_netdev\n\nWe do netif_napi_add() for all allocated q_vectors[], but potentially\ndo netif_napi_del() for part of them, then kfree q_vectors and leave\ninvalid pointers at dev-\u003enapi_list.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 4093.900222] ==================================================================\n[ 4093.900230] BUG: KASAN: use-after-free in free_netdev+0x308/0x390\n[ 4093.900232] Read of size 8 at addr ffff88b4dc145640 by task repro.sh/6699\n[ 4093.900233]\n[ 4093.900236] CPU: 10 PID: 6699 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 4093.900238] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 4093.900239] Call Trace:\n[ 4093.900244] dump_stack+0x71/0xab\n[ 4093.900249] print_address_description+0x6b/0x290\n[ 4093.900251] ? free_netdev+0x308/0x390\n[ 4093.900252] kasan_report+0x14a/0x2b0\n[ 4093.900254] free_netdev+0x308/0x390\n[ 4093.900261] iavf_remove+0x825/0xd20 [iavf]\n[ 4093.900265] pci_device_remove+0xa8/0x1f0\n[ 4093.900268] device_release_driver_internal+0x1c6/0x460\n[ 4093.900271] pci_stop_bus_device+0x101/0x150\n[ 4093.900273] pci_stop_and_remove_bus_device+0xe/0x20\n[ 4093.900275] pci_iov_remove_virtfn+0x187/0x420\n[ 4093.900277] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 4093.900278] ? pci_get_subsys+0x90/0x90\n[ 4093.900280] sriov_disable+0xed/0x3e0\n[ 4093.900282] ? bus_find_device+0x12d/0x1a0\n[ 4093.900290] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 4093.900298] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 4093.900299] ? pci_get_device+0x7c/0x90\n[ 4093.900300] ? pci_get_subsys+0x90/0x90\n[ 4093.900306] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 4093.900309] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900315] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 4093.900318] sriov_numvfs_store+0x214/0x290\n[ 4093.900320] ? sriov_totalvfs_show+0x30/0x30\n[ 4093.900321] ? __mutex_lock_slowpath+0x10/0x10\n[ 4093.900323] ? __check_object_size+0x15a/0x350\n[ 4093.900326] kernfs_fop_write+0x280/0x3f0\n[ 4093.900329] vfs_write+0x145/0x440\n[ 4093.900330] ksys_write+0xab/0x160\n[ 4093.900332] ? __ia32_sys_read+0xb0/0xb0\n[ 4093.900334] ? fput_many+0x1a/0x120\n[ 4093.900335] ? filp_close+0xf0/0x130\n[ 4093.900338] do_syscall_64+0xa0/0x370\n[ 4093.900339] ? page_fault+0x8/0x30\n[ 4093.900341] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 4093.900357] RIP: 0033:0x7f16ad4d22c0\n[ 4093.900359] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe dd 01 00 48 89 04 24\n[ 4093.900360] RSP: 002b:00007ffd6491b7f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 4093.900362] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f16ad4d22c0\n[ 4093.900363] RDX: 0000000000000002 RSI: 0000000001a41408 RDI: 0000000000000001\n[ 4093.900364] RBP: 0000000001a41408 R08: 00007f16ad7a1780 R09: 00007f16ae1f2700\n[ 4093.9003\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53556",
"url": "https://www.suse.com/security/cve/CVE-2023-53556"
},
{
"category": "external",
"summary": "SUSE Bug 1251059 for CVE-2023-53556",
"url": "https://bugzilla.suse.com/1251059"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53556"
},
{
"cve": "CVE-2023-53557",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53557"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfprobe: Release rethook after the ftrace_ops is unregistered\n\nWhile running bpf selftests it\u0027s possible to get following fault:\n\n general protection fault, probably for non-canonical address \\\n 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC NOPTI\n ...\n Call Trace:\n \u003cTASK\u003e\n fprobe_handler+0xc1/0x270\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? __pfx_bpf_testmod_init+0x10/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_fentry_test1+0x5/0x10\n ? bpf_testmod_init+0x22/0x80\n ? do_one_initcall+0x63/0x2e0\n ? rcu_is_watching+0xd/0x40\n ? kmalloc_trace+0xaf/0xc0\n ? do_init_module+0x60/0x250\n ? __do_sys_finit_module+0xac/0x120\n ? do_syscall_64+0x37/0x90\n ? entry_SYSCALL_64_after_hwframe+0x72/0xdc\n \u003c/TASK\u003e\n\nIn unregister_fprobe function we can\u0027t release fp-\u003erethook while it\u0027s\npossible there are some of its users still running on another cpu.\n\nMoving rethook_free call after fp-\u003eops is unregistered with\nunregister_ftrace_function call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53557",
"url": "https://www.suse.com/security/cve/CVE-2023-53557"
},
{
"category": "external",
"summary": "SUSE Bug 1251054 for CVE-2023-53557",
"url": "https://bugzilla.suse.com/1251054"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53557"
},
{
"cve": "CVE-2023-53558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53558"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic()\n\npr_info() is called with rtp-\u003ecbs_gbl_lock spin lock locked. Because\npr_info() calls printk() that might sleep, this will result in BUG\nlike below:\n\n[ 0.206455] cblist_init_generic: Setting adjustable number of callback queues.\n[ 0.206463]\n[ 0.206464] =============================\n[ 0.206464] [ BUG: Invalid wait context ]\n[ 0.206465] 5.19.0-00428-g9de1f9c8ca51 #5 Not tainted\n[ 0.206466] -----------------------------\n[ 0.206466] swapper/0/1 is trying to lock:\n[ 0.206467] ffffffffa0167a58 (\u0026port_lock_key){....}-{3:3}, at: serial8250_console_write+0x327/0x4a0\n[ 0.206473] other info that might help us debug this:\n[ 0.206473] context-{5:5}\n[ 0.206474] 3 locks held by swapper/0/1:\n[ 0.206474] #0: ffffffff9eb597e0 (rcu_tasks.cbs_gbl_lock){....}-{2:2}, at: cblist_init_generic.constprop.0+0x14/0x1f0\n[ 0.206478] #1: ffffffff9eb579c0 (console_lock){+.+.}-{0:0}, at: _printk+0x63/0x7e\n[ 0.206482] #2: ffffffff9ea77780 (console_owner){....}-{0:0}, at: console_emit_next_record.constprop.0+0x111/0x330\n[ 0.206485] stack backtrace:\n[ 0.206486] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-00428-g9de1f9c8ca51 #5\n[ 0.206488] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-1.fc36 04/01/2014\n[ 0.206489] Call Trace:\n[ 0.206490] \u003cTASK\u003e\n[ 0.206491] dump_stack_lvl+0x6a/0x9f\n[ 0.206493] __lock_acquire.cold+0x2d7/0x2fe\n[ 0.206496] ? stack_trace_save+0x46/0x70\n[ 0.206497] lock_acquire+0xd1/0x2f0\n[ 0.206499] ? serial8250_console_write+0x327/0x4a0\n[ 0.206500] ? __lock_acquire+0x5c7/0x2720\n[ 0.206502] _raw_spin_lock_irqsave+0x3d/0x90\n[ 0.206504] ? serial8250_console_write+0x327/0x4a0\n[ 0.206506] serial8250_console_write+0x327/0x4a0\n[ 0.206508] console_emit_next_record.constprop.0+0x180/0x330\n[ 0.206511] console_unlock+0xf7/0x1f0\n[ 0.206512] vprintk_emit+0xf7/0x330\n[ 0.206514] _printk+0x63/0x7e\n[ 0.206516] cblist_init_generic.constprop.0.cold+0x24/0x32\n[ 0.206518] rcu_init_tasks_generic+0x5/0xd9\n[ 0.206522] kernel_init_freeable+0x15b/0x2a2\n[ 0.206523] ? rest_init+0x160/0x160\n[ 0.206526] kernel_init+0x11/0x120\n[ 0.206527] ret_from_fork+0x1f/0x30\n[ 0.206530] \u003c/TASK\u003e\n[ 0.207018] cblist_init_generic: Setting shift to 1 and lim to 1.\n\nThis patch moves pr_info() so that it is called without\nrtp-\u003ecbs_gbl_lock locked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53558",
"url": "https://www.suse.com/security/cve/CVE-2023-53558"
},
{
"category": "external",
"summary": "SUSE Bug 1251081 for CVE-2023-53558",
"url": "https://bugzilla.suse.com/1251081"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53558"
},
{
"cve": "CVE-2023-53559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53559"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip_vti: fix potential slab-use-after-free in decode_session6\n\nWhen ip_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ip_vti device sends IPv6 packets.\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53559",
"url": "https://www.suse.com/security/cve/CVE-2023-53559"
},
{
"category": "external",
"summary": "SUSE Bug 1251052 for CVE-2023-53559",
"url": "https://bugzilla.suse.com/1251052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53559"
},
{
"cve": "CVE-2023-53560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53560"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/histograms: Add histograms to hist_vars if they have referenced variables\n\nHist triggers can have referenced variables without having direct\nvariables fields. This can be the case if referenced variables are added\nfor trigger actions. In this case the newly added references will not\nhave field variables. Not taking such referenced variables into\nconsideration can result in a bug where it would be possible to remove\nhist trigger with variables being refenced. This will result in a bug\nthat is easily reproducable like so\n\n$ cd /sys/kernel/tracing\n$ echo \u0027synthetic_sys_enter char[] comm; long id\u0027 \u003e\u003e synthetic_events\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n$ echo \u0027!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname\u0027 \u003e\u003e events/raw_syscalls/sys_enter/trigger\n\n[ 100.263533] ==================================================================\n[ 100.264634] BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180\n[ 100.265520] Read of size 8 at addr ffff88810375d0f0 by task bash/439\n[ 100.266320]\n[ 100.266533] CPU: 2 PID: 439 Comm: bash Not tainted 6.5.0-rc1 #4\n[ 100.267277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-20220807_005459-localhost 04/01/2014\n[ 100.268561] Call Trace:\n[ 100.268902] \u003cTASK\u003e\n[ 100.269189] dump_stack_lvl+0x4c/0x70\n[ 100.269680] print_report+0xc5/0x600\n[ 100.270165] ? resolve_var_refs+0xc7/0x180\n[ 100.270697] ? kasan_complete_mode_report_info+0x80/0x1f0\n[ 100.271389] ? resolve_var_refs+0xc7/0x180\n[ 100.271913] kasan_report+0xbd/0x100\n[ 100.272380] ? resolve_var_refs+0xc7/0x180\n[ 100.272920] __asan_load8+0x71/0xa0\n[ 100.273377] resolve_var_refs+0xc7/0x180\n[ 100.273888] event_hist_trigger+0x749/0x860\n[ 100.274505] ? kasan_save_stack+0x2a/0x50\n[ 100.275024] ? kasan_set_track+0x29/0x40\n[ 100.275536] ? __pfx_event_hist_trigger+0x10/0x10\n[ 100.276138] ? ksys_write+0xd1/0x170\n[ 100.276607] ? do_syscall_64+0x3c/0x90\n[ 100.277099] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.277771] ? destroy_hist_data+0x446/0x470\n[ 100.278324] ? event_hist_trigger_parse+0xa6c/0x3860\n[ 100.278962] ? __pfx_event_hist_trigger_parse+0x10/0x10\n[ 100.279627] ? __kasan_check_write+0x18/0x20\n[ 100.280177] ? mutex_unlock+0x85/0xd0\n[ 100.280660] ? __pfx_mutex_unlock+0x10/0x10\n[ 100.281200] ? kfree+0x7b/0x120\n[ 100.281619] ? ____kasan_slab_free+0x15d/0x1d0\n[ 100.282197] ? event_trigger_write+0xac/0x100\n[ 100.282764] ? __kasan_slab_free+0x16/0x20\n[ 100.283293] ? __kmem_cache_free+0x153/0x2f0\n[ 100.283844] ? sched_mm_cid_remote_clear+0xb1/0x250\n[ 100.284550] ? __pfx_sched_mm_cid_remote_clear+0x10/0x10\n[ 100.285221] ? event_trigger_write+0xbc/0x100\n[ 100.285781] ? __kasan_check_read+0x15/0x20\n[ 100.286321] ? __bitmap_weight+0x66/0xa0\n[ 100.286833] ? _find_next_bit+0x46/0xe0\n[ 100.287334] ? task_mm_cid_work+0x37f/0x450\n[ 100.287872] event_triggers_call+0x84/0x150\n[ 100.288408] trace_event_buffer_commit+0x339/0x430\n[ 100.289073] ? ring_buffer_event_data+0x3f/0x60\n[ 100.292189] trace_event_raw_event_sys_enter+0x8b/0xe0\n[ 100.295434] syscall_trace_enter.constprop.0+0x18f/0x1b0\n[ 100.298653] syscall_enter_from_user_mode+0x32/0x40\n[ 100.301808] do_syscall_64+0x1a/0x90\n[ 100.304748] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 100.307775] RIP: 0033:0x7f686c75c1cb\n[ 100.310617] Code: 73 01 c3 48 8b 0d 65 3c 10 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 21 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 35 3c 10 00 f7 d8 64 89 01 48\n[ 100.317847] RSP: 002b:00007ffc60137a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000021\n[ 100.321200] RA\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53560",
"url": "https://www.suse.com/security/cve/CVE-2023-53560"
},
{
"category": "external",
"summary": "SUSE Bug 1251045 for CVE-2023-53560",
"url": "https://bugzilla.suse.com/1251045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53560"
},
{
"cve": "CVE-2023-53563",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53563"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: amd-pstate-ut: Fix kernel panic when loading the driver\n\nAfter loading the amd-pstate-ut driver, amd_pstate_ut_check_perf()\nand amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy\nof the CPU and mark it as busy.\n\nIn these functions, cpufreq_cpu_put() should be used to release the\npolicy, but it is not, so any other entity trying to access the policy\nis blocked indefinitely.\n\nOne such scenario is when amd_pstate mode is changed, leading to the\nfollowing splat:\n\n[ 1332.103727] INFO: task bash:2929 blocked for more than 120 seconds.\n[ 1332.110001] Not tainted 6.5.0-rc2-amd-pstate-ut #5\n[ 1332.115315] \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 1332.123140] task:bash state:D stack:0 pid:2929 ppid:2873 flags:0x00004006\n[ 1332.123143] Call Trace:\n[ 1332.123145] \u003cTASK\u003e\n[ 1332.123148] __schedule+0x3c1/0x16a0\n[ 1332.123154] ? _raw_read_lock_irqsave+0x2d/0x70\n[ 1332.123157] schedule+0x6f/0x110\n[ 1332.123160] schedule_timeout+0x14f/0x160\n[ 1332.123162] ? preempt_count_add+0x86/0xd0\n[ 1332.123165] __wait_for_common+0x92/0x190\n[ 1332.123168] ? __pfx_schedule_timeout+0x10/0x10\n[ 1332.123170] wait_for_completion+0x28/0x30\n[ 1332.123173] cpufreq_policy_put_kobj+0x4d/0x90\n[ 1332.123177] cpufreq_policy_free+0x157/0x1d0\n[ 1332.123178] ? preempt_count_add+0x58/0xd0\n[ 1332.123180] cpufreq_remove_dev+0xb6/0x100\n[ 1332.123182] subsys_interface_unregister+0x114/0x120\n[ 1332.123185] ? preempt_count_add+0x58/0xd0\n[ 1332.123187] ? __pfx_amd_pstate_change_driver_mode+0x10/0x10\n[ 1332.123190] cpufreq_unregister_driver+0x3b/0xd0\n[ 1332.123192] amd_pstate_change_driver_mode+0x1e/0x50\n[ 1332.123194] store_status+0xe9/0x180\n[ 1332.123197] dev_attr_store+0x1b/0x30\n[ 1332.123199] sysfs_kf_write+0x42/0x50\n[ 1332.123202] kernfs_fop_write_iter+0x143/0x1d0\n[ 1332.123204] vfs_write+0x2df/0x400\n[ 1332.123208] ksys_write+0x6b/0xf0\n[ 1332.123210] __x64_sys_write+0x1d/0x30\n[ 1332.123213] do_syscall_64+0x60/0x90\n[ 1332.123216] ? fpregs_assert_state_consistent+0x2e/0x50\n[ 1332.123219] ? exit_to_user_mode_prepare+0x49/0x1a0\n[ 1332.123223] ? irqentry_exit_to_user_mode+0xd/0x20\n[ 1332.123225] ? irqentry_exit+0x3f/0x50\n[ 1332.123226] ? exc_page_fault+0x8e/0x190\n[ 1332.123228] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ 1332.123232] RIP: 0033:0x7fa74c514a37\n[ 1332.123234] RSP: 002b:00007ffe31dd0788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 1332.123238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007fa74c514a37\n[ 1332.123239] RDX: 0000000000000008 RSI: 000055e27c447aa0 RDI: 0000000000000001\n[ 1332.123241] RBP: 000055e27c447aa0 R08: 00007fa74c5d1460 R09: 000000007fffffff\n[ 1332.123242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000008\n[ 1332.123244] R13: 00007fa74c61a780 R14: 00007fa74c616600 R15: 00007fa74c615a00\n[ 1332.123247] \u003c/TASK\u003e\n\nFix this by calling cpufreq_cpu_put() wherever necessary.\n\n[ rjw: Subject and changelog edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53563",
"url": "https://www.suse.com/security/cve/CVE-2023-53563"
},
{
"category": "external",
"summary": "SUSE Bug 1251038 for CVE-2023-53563",
"url": "https://bugzilla.suse.com/1251038"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53563"
},
{
"cve": "CVE-2023-53568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53568"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: don\u0027t leak memory if dev_set_name() fails\n\nWhen dev_set_name() fails, zcdn_create() doesn\u0027t free the newly\nallocated resources. Do it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53568",
"url": "https://www.suse.com/security/cve/CVE-2023-53568"
},
{
"category": "external",
"summary": "SUSE Bug 1251035 for CVE-2023-53568",
"url": "https://bugzilla.suse.com/1251035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53568"
},
{
"cve": "CVE-2023-53570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53570"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()\n\nnl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the\nnumber of MBSSID elements in the nested netlink attribute attrs, which can\nlead to an integer overflow if a user of the nl80211 interface specifies\n256 or more elements in the corresponding attribute in userspace. The\ninteger overflow can lead to a heap buffer overflow as num_elems determines\nthe size of the trailing array in elems, and this array is thereafter\nwritten to for each element in attrs.\n\nNote that this vulnerability only affects devices with the\nwiphy-\u003embssid_max_interfaces member set for the wireless physical device\nstruct in the device driver, and can only be triggered by a process with\nCAP_NET_ADMIN capabilities.\n\nFix this by checking for a maximum of 255 elements in attrs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53570",
"url": "https://www.suse.com/security/cve/CVE-2023-53570"
},
{
"category": "external",
"summary": "SUSE Bug 1251031 for CVE-2023-53570",
"url": "https://bugzilla.suse.com/1251031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53570"
},
{
"cve": "CVE-2023-53572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53572"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: scu: use _safe list iterator to avoid a use after free\n\nThis loop is freeing \"clk\" so it needs to use list_for_each_entry_safe().\nOtherwise it dereferences a freed variable to get the next item on the\nloop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53572",
"url": "https://www.suse.com/security/cve/CVE-2023-53572"
},
{
"category": "external",
"summary": "SUSE Bug 1251027 for CVE-2023-53572",
"url": "https://bugzilla.suse.com/1251027"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53572"
},
{
"cve": "CVE-2023-53574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: delete timer and free skb queue when unloading\n\nFix possible crash and memory leak on driver unload by deleting\nTX purge timer and freeing C2H queue in \u0027rtw_core_deinit()\u0027,\nshrink critical section in the latter by freeing COEX queue\nout of TX report lock scope.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53574",
"url": "https://www.suse.com/security/cve/CVE-2023-53574"
},
{
"category": "external",
"summary": "SUSE Bug 1251222 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251222"
},
{
"category": "external",
"summary": "SUSE Bug 1251984 for CVE-2023-53574",
"url": "https://bugzilla.suse.com/1251984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2023-53574"
},
{
"cve": "CVE-2023-53575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53575"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix potential array out of bounds access\n\nAccount for IWL_SEC_WEP_KEY_OFFSET when needed while verifying\nkey_len size in iwl_mvm_sec_key_add().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53575",
"url": "https://www.suse.com/security/cve/CVE-2023-53575"
},
{
"category": "external",
"summary": "SUSE Bug 1251067 for CVE-2023-53575",
"url": "https://bugzilla.suse.com/1251067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53575"
},
{
"cve": "CVE-2023-53577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Make sure kthread is running before map update returns\n\nThe following warning was reported when running stress-mode enabled\nxdp_redirect_cpu with some RT threads:\n\n ------------[ cut here ]------------\n WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135\n CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events cpu_map_kthread_stop\n RIP: 0010:put_cpu_map_entry+0xda/0x220\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ......\n ? put_cpu_map_entry+0xda/0x220\n cpu_map_kthread_stop+0x41/0x60\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe root cause is the same as commit 436901649731 (\"bpf: cpumap: Fix memory\nleak in cpu_map_update_elem\"). The kthread is stopped prematurely by\nkthread_stop() in cpu_map_kthread_stop(), and kthread() doesn\u0027t call\ncpu_map_kthread_run() at all but XDP program has already queued some\nframes or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks\nthe ptr_ring, it will find it was not emptied and report a warning.\n\nAn alternative fix is to use __cpu_map_ring_cleanup() to drop these\npending frames or skbs when kthread_stop() returns -EINTR, but it may\nconfuse the user, because these frames or skbs have been handled\ncorrectly by XDP program. So instead of dropping these frames or skbs,\njust make sure the per-cpu kthread is running before\n__cpu_map_entry_alloc() returns.\n\nAfter apply the fix, the error handle for kthread_stop() will be\nunnecessary because it will always return 0, so just remove it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53577",
"url": "https://www.suse.com/security/cve/CVE-2023-53577"
},
{
"category": "external",
"summary": "SUSE Bug 1251028 for CVE-2023-53577",
"url": "https://bugzilla.suse.com/1251028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53577"
},
{
"cve": "CVE-2023-53579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix irq domain leak\n\nUwe Kleine-Knig pointed out we still have one resource leak in the mvebu\ndriver triggered on driver detach. Let\u0027s address it with a custom devm\naction.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53579",
"url": "https://www.suse.com/security/cve/CVE-2023-53579"
},
{
"category": "external",
"summary": "SUSE Bug 1251170 for CVE-2023-53579",
"url": "https://bugzilla.suse.com/1251170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53579"
},
{
"cve": "CVE-2023-53580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: Gadget: core: Help prevent panic during UVC unconfigure\n\nAvichal Rakesh reported a kernel panic that occurred when the UVC\ngadget driver was removed from a gadget\u0027s configuration. The panic\ninvolves a somewhat complicated interaction between the kernel driver\nand a userspace component (as described in the Link tag below), but\nthe analysis did make one thing clear: The Gadget core should\naccomodate gadget drivers calling usb_gadget_deactivate() as part of\ntheir unbind procedure.\n\nCurrently this doesn\u0027t work. gadget_unbind_driver() calls\ndriver-\u003eunbind() while holding the udc-\u003econnect_lock mutex, and\nusb_gadget_deactivate() attempts to acquire that mutex, which will\nresult in a deadlock.\n\nThe simple fix is for gadget_unbind_driver() to release the mutex when\ninvoking the -\u003eunbind() callback. There is no particular reason for\nit to be holding the mutex at that time, and the mutex isn\u0027t held\nwhile the -\u003ebind() callback is invoked. So we\u0027ll drop the mutex\nbefore performing the unbind callback and reacquire it afterward.\n\nWe\u0027ll also add a couple of comments to usb_gadget_activate() and\nusb_gadget_deactivate(). Because they run in process context they\nmust not be called from a gadget driver\u0027s -\u003edisconnect() callback,\nwhich (according to the kerneldoc for struct usb_gadget_driver in\ninclude/linux/usb/gadget.h) may run in interrupt context. This may\nhelp prevent similar bugs from arising in the future.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53580",
"url": "https://www.suse.com/security/cve/CVE-2023-53580"
},
{
"category": "external",
"summary": "SUSE Bug 1251105 for CVE-2023-53580",
"url": "https://bugzilla.suse.com/1251105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53580"
},
{
"cve": "CVE-2023-53581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Check for NOT_READY flag state after locking\n\nCurrently the check for NOT_READY flag is performed before obtaining the\nnecessary lock. This opens a possibility for race condition when the flow\nis concurrently removed from unready_flows list by the workqueue task,\nwhich causes a double-removal from the list and a crash[0]. Fix the issue\nby moving the flag check inside the section protected by\nuplink_priv-\u003eunready_flows_lock mutex.\n\n[0]:\n[44376.389654] general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP\n[44376.391665] CPU: 7 PID: 59123 Comm: tc Not tainted 6.4.0-rc4+ #1\n[44376.392984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[44376.395342] RIP: 0010:mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.396857] Code: 00 48 8b b8 68 ce 02 00 e8 8a 4d 02 00 4c 8d a8 a8 01 00 00 4c 89 ef e8 8b 79 88 e1 48 8b 83 98 06 00 00 48 8b 93 90 06 00 00 \u003c48\u003e 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 83 90 06\n[44376.399167] RSP: 0018:ffff88812cc97570 EFLAGS: 00010246\n[44376.399680] RAX: dead000000000122 RBX: ffff8881088e3800 RCX: ffff8881881bac00\n[44376.400337] RDX: dead000000000100 RSI: ffff88812cc97500 RDI: ffff8881242f71b0\n[44376.401001] RBP: ffff88811cbb0940 R08: 0000000000000400 R09: 0000000000000001\n[44376.401663] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88812c944000\n[44376.402342] R13: ffff8881242f71a8 R14: ffff8881222b4000 R15: 0000000000000000\n[44376.402999] FS: 00007f0451104800(0000) GS:ffff88852cb80000(0000) knlGS:0000000000000000\n[44376.403787] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[44376.404343] CR2: 0000000000489108 CR3: 0000000123a79003 CR4: 0000000000370ea0\n[44376.405004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[44376.405665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[44376.406339] Call Trace:\n[44376.406651] \u003cTASK\u003e\n[44376.406939] ? die_addr+0x33/0x90\n[44376.407311] ? exc_general_protection+0x192/0x390\n[44376.407795] ? asm_exc_general_protection+0x22/0x30\n[44376.408292] ? mlx5e_tc_del_fdb_flow+0xb3/0x340 [mlx5_core]\n[44376.408876] __mlx5e_tc_del_fdb_peer_flow+0xbc/0xe0 [mlx5_core]\n[44376.409482] mlx5e_tc_del_flow+0x42/0x210 [mlx5_core]\n[44376.410055] mlx5e_flow_put+0x25/0x50 [mlx5_core]\n[44376.410529] mlx5e_delete_flower+0x24b/0x350 [mlx5_core]\n[44376.411043] tc_setup_cb_reoffload+0x22/0x80\n[44376.411462] fl_reoffload+0x261/0x2f0 [cls_flower]\n[44376.411907] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.412481] ? mlx5e_rep_indr_setup_ft_cb+0x160/0x160 [mlx5_core]\n[44376.413044] tcf_block_playback_offloads+0x76/0x170\n[44376.413497] tcf_block_unbind+0x7b/0xd0\n[44376.413881] tcf_block_setup+0x17d/0x1c0\n[44376.414269] tcf_block_offload_cmd.isra.0+0xf1/0x130\n[44376.414725] tcf_block_offload_unbind+0x43/0x70\n[44376.415153] __tcf_block_put+0x82/0x150\n[44376.415532] ingress_destroy+0x22/0x30 [sch_ingress]\n[44376.415986] qdisc_destroy+0x3b/0xd0\n[44376.416343] qdisc_graft+0x4d0/0x620\n[44376.416706] tc_get_qdisc+0x1c9/0x3b0\n[44376.417074] rtnetlink_rcv_msg+0x29c/0x390\n[44376.419978] ? rep_movs_alternative+0x3a/0xa0\n[44376.420399] ? rtnl_calcit.isra.0+0x120/0x120\n[44376.420813] netlink_rcv_skb+0x54/0x100\n[44376.421192] netlink_unicast+0x1f6/0x2c0\n[44376.421573] netlink_sendmsg+0x232/0x4a0\n[44376.421980] sock_sendmsg+0x38/0x60\n[44376.422328] ____sys_sendmsg+0x1d0/0x1e0\n[44376.422709] ? copy_msghdr_from_user+0x6d/0xa0\n[44376.423127] ___sys_sendmsg+0x80/0xc0\n[44376.423495] ? ___sys_recvmsg+0x8b/0xc0\n[44376.423869] __sys_sendmsg+0x51/0x90\n[44376.424226] do_syscall_64+0x3d/0x90\n[44376.424587] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[44376.425046] RIP: 0033:0x7f045134f887\n[44376.425403] Code: 0a 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53581",
"url": "https://www.suse.com/security/cve/CVE-2023-53581"
},
{
"category": "external",
"summary": "SUSE Bug 1251106 for CVE-2023-53581",
"url": "https://bugzilla.suse.com/1251106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53581"
},
{
"cve": "CVE-2023-53583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start()\n\nSince commit 096b52fd2bb4 (\"perf: RISC-V: throttle perf events\") the\nperf_sample_event_took() function was added to report time spent in\noverflow interrupts. If the interrupt takes too long, the perf framework\nwill lower the sysctl_perf_event_sample_rate and max_samples_per_tick.\nWhen hwc-\u003einterrupts is larger than max_samples_per_tick, the\nhwc-\u003einterrupts will be set to MAX_INTERRUPTS, and events will be\nthrottled within the __perf_event_account_interrupt() function.\n\nHowever, the RISC-V PMU driver doesn\u0027t call riscv_pmu_stop() to update the\nPERF_HES_STOPPED flag after perf_event_overflow() in pmu_sbi_ovf_handler()\nfunction to avoid throttling. When the perf framework unthrottled the event\nin the timer interrupt handler, it triggers riscv_pmu_start() function\nand causes a WARN_ON_ONCE() warning, as shown below:\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 240 at drivers/perf/riscv_pmu.c:184 riscv_pmu_start+0x7c/0x8e\n Modules linked in:\n CPU: 0 PID: 240 Comm: ls Not tainted 6.4-rc4-g19d0788e9ef2 #1\n Hardware name: SiFive (DT)\n epc : riscv_pmu_start+0x7c/0x8e\n ra : riscv_pmu_start+0x28/0x8e\n epc : ffffffff80aef864 ra : ffffffff80aef810 sp : ffff8f80004db6f0\n gp : ffffffff81c83750 tp : ffffaf80069f9bc0 t0 : ffff8f80004db6c0\n t1 : 0000000000000000 t2 : 000000000000001f s0 : ffff8f80004db720\n s1 : ffffaf8008ca1068 a0 : 0000ffffffffffff a1 : 0000000000000000\n a2 : 0000000000000001 a3 : 0000000000000870 a4 : 0000000000000000\n a5 : 0000000000000000 a6 : 0000000000000840 a7 : 0000000000000030\n s2 : 0000000000000000 s3 : ffffaf8005165800 s4 : ffffaf800424da00\n s5 : ffffffffffffffff s6 : ffffffff81cc7590 s7 : 0000000000000000\n s8 : 0000000000000006 s9 : 0000000000000001 s10: ffffaf807efbc340\n s11: ffffaf807efbbf00 t3 : ffffaf8006a16028 t4 : 00000000dbfbb796\n t5 : 0000000700000000 t6 : ffffaf8005269870\n status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003\n [\u003cffffffff80aef864\u003e] riscv_pmu_start+0x7c/0x8e\n [\u003cffffffff80185b56\u003e] perf_adjust_freq_unthr_context+0x15e/0x174\n [\u003cffffffff80188642\u003e] perf_event_task_tick+0x88/0x9c\n [\u003cffffffff800626a8\u003e] scheduler_tick+0xfe/0x27c\n [\u003cffffffff800b5640\u003e] update_process_times+0x9a/0xba\n [\u003cffffffff800c5bd4\u003e] tick_sched_handle+0x32/0x66\n [\u003cffffffff800c5e0c\u003e] tick_sched_timer+0x64/0xb0\n [\u003cffffffff800b5e50\u003e] __hrtimer_run_queues+0x156/0x2f4\n [\u003cffffffff800b6bdc\u003e] hrtimer_interrupt+0xe2/0x1fe\n [\u003cffffffff80acc9e8\u003e] riscv_timer_interrupt+0x38/0x42\n [\u003cffffffff80090a16\u003e] handle_percpu_devid_irq+0x90/0x1d2\n [\u003cffffffff8008a9f4\u003e] generic_handle_domain_irq+0x28/0x36\n\nAfter referring other PMU drivers like Arm, Loongarch, Csky, and Mips,\nthey don\u0027t call *_pmu_stop() to update with PERF_HES_STOPPED flag\nafter perf_event_overflow() function nor do they add PERF_HES_STOPPED\nflag checking in *_pmu_start() which don\u0027t cause this warning.\n\nThus, it\u0027s recommended to remove this unnecessary check in\nriscv_pmu_start() function to prevent this warning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53583",
"url": "https://www.suse.com/security/cve/CVE-2023-53583"
},
{
"category": "external",
"summary": "SUSE Bug 1251108 for CVE-2023-53583",
"url": "https://bugzilla.suse.com/1251108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53583"
},
{
"cve": "CVE-2023-53585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: reject unhashed sockets in bpf_sk_assign\n\nThe semantics for bpf_sk_assign are as follows:\n\n sk = some_lookup_func()\n bpf_sk_assign(skb, sk)\n bpf_sk_release(sk)\n\nThat is, the sk is not consumed by bpf_sk_assign. The function\ntherefore needs to make sure that sk lives long enough to be\nconsumed from __inet_lookup_skb. The path through the stack for a\nTCPv4 packet is roughly:\n\n netif_receive_skb_core: takes RCU read lock\n __netif_receive_skb_core:\n sch_handle_ingress:\n tcf_classify:\n bpf_sk_assign()\n deliver_ptype_list_skb:\n deliver_skb:\n ip_packet_type-\u003efunc == ip_rcv:\n ip_rcv_core:\n ip_rcv_finish_core:\n dst_input:\n ip_local_deliver:\n ip_local_deliver_finish:\n ip_protocol_deliver_rcu:\n tcp_v4_rcv:\n __inet_lookup_skb:\n skb_steal_sock\n\nThe existing helper takes advantage of the fact that everything\nhappens in the same RCU critical section: for sockets with\nSOCK_RCU_FREE set bpf_sk_assign never takes a reference.\nskb_steal_sock then checks SOCK_RCU_FREE again and does sock_put\nif necessary.\n\nThis approach assumes that SOCK_RCU_FREE is never set on a sk\nbetween bpf_sk_assign and skb_steal_sock, but this invariant is\nviolated by unhashed UDP sockets. A new UDP socket is created\nin TCP_CLOSE state but without SOCK_RCU_FREE set. That flag is only\nadded in udp_lib_get_port() which happens when a socket is bound.\n\nWhen bpf_sk_assign was added it wasn\u0027t possible to access unhashed\nUDP sockets from BPF, so this wasn\u0027t a problem. This changed\nin commit 0c48eefae712 (\"sock_map: Lift socket state restriction\nfor datagram sockets\"), but the helper wasn\u0027t adjusted accordingly.\nThe following sequence of events will therefore lead to a refcount\nleak:\n\n1. Add socket(AF_INET, SOCK_DGRAM) to a sockmap.\n2. Pull socket out of sockmap and bpf_sk_assign it. Since\n SOCK_RCU_FREE is not set we increment the refcount.\n3. bind() or connect() the socket, setting SOCK_RCU_FREE.\n4. skb_steal_sock will now set refcounted = false due to\n SOCK_RCU_FREE.\n5. tcp_v4_rcv() skips sock_put().\n\nFix the problem by rejecting unhashed sockets in bpf_sk_assign().\nThis matches the behaviour of __inet_lookup_skb which is ultimately\nthe goal of bpf_sk_assign().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53585",
"url": "https://www.suse.com/security/cve/CVE-2023-53585"
},
{
"category": "external",
"summary": "SUSE Bug 1251126 for CVE-2023-53585",
"url": "https://bugzilla.suse.com/1251126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53585"
},
{
"cve": "CVE-2023-53588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: check for station first in client probe\n\nWhen probing a client, first check if we have it, and then\ncheck for the channel context, otherwise you can trigger\nthe warning there easily by probing when the AP isn\u0027t even\nstarted yet. Since a client existing means the AP is also\noperating, we can then keep the warning.\n\nAlso simplify the moved code a bit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53588",
"url": "https://www.suse.com/security/cve/CVE-2023-53588"
},
{
"category": "external",
"summary": "SUSE Bug 1251206 for CVE-2023-53588",
"url": "https://bugzilla.suse.com/1251206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53588"
},
{
"cve": "CVE-2023-53593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Release folio lock on fscache read hit.\n\nUnder the current code, when cifs_readpage_worker is called, the call\ncontract is that the callee should unlock the page. This is documented\nin the read_folio section of Documentation/filesystems/vfs.rst as:\n\n\u003e The filesystem should unlock the folio once the read has completed,\n\u003e whether it was successful or not.\n\nWithout this change, when fscache is in use and cache hit occurs during\na read, the page lock is leaked, producing the following stack on\nsubsequent reads (via mmap) to the page:\n\n$ cat /proc/3890/task/12864/stack\n[\u003c0\u003e] folio_wait_bit_common+0x124/0x350\n[\u003c0\u003e] filemap_read_folio+0xad/0xf0\n[\u003c0\u003e] filemap_fault+0x8b1/0xab0\n[\u003c0\u003e] __do_fault+0x39/0x150\n[\u003c0\u003e] do_fault+0x25c/0x3e0\n[\u003c0\u003e] __handle_mm_fault+0x6ca/0xc70\n[\u003c0\u003e] handle_mm_fault+0xe9/0x350\n[\u003c0\u003e] do_user_addr_fault+0x225/0x6c0\n[\u003c0\u003e] exc_page_fault+0x84/0x1b0\n[\u003c0\u003e] asm_exc_page_fault+0x27/0x30\n\nThis requires a reboot to resolve; it is a deadlock.\n\nNote however that the call to cifs_readpage_from_fscache does mark the\npage clean, but does not free the folio lock. This happens in\n__cifs_readpage_from_fscache on success. Releasing the lock at that\npoint however is not appropriate as cifs_readahead also calls\ncifs_readpage_from_fscache and *does* unconditionally release the lock\nafter its return. This change therefore effectively makes\ncifs_readpage_worker work like cifs_readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53593",
"url": "https://www.suse.com/security/cve/CVE-2023-53593"
},
{
"category": "external",
"summary": "SUSE Bug 1251132 for CVE-2023-53593",
"url": "https://bugzilla.suse.com/1251132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53593"
},
{
"cve": "CVE-2023-53596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: base: Free devm resources when unregistering a device\n\nIn the current code, devres_release_all() only gets called if the device\nhas a bus and has been probed.\n\nThis leads to issues when using bus-less or driver-less devices where\nthe device might never get freed if a managed resource holds a reference\nto the device. This is happening in the DRM framework for example.\n\nWe should thus call devres_release_all() in the device_del() function to\nmake sure that the device-managed actions are properly executed when the\ndevice is unregistered, even if it has neither a bus nor a driver.\n\nThis is effectively the same change than commit 2f8d16a996da (\"devres:\nrelease resources on device_del()\") that got reverted by commit\na525a3ddeaca (\"driver core: free devres in device_release\") over\nmemory leaks concerns.\n\nThis patch effectively combines the two commits mentioned above to\nrelease the resources both on device_del() and device_release() and get\nthe best of both worlds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53596",
"url": "https://www.suse.com/security/cve/CVE-2023-53596"
},
{
"category": "external",
"summary": "SUSE Bug 1251161 for CVE-2023-53596",
"url": "https://bugzilla.suse.com/1251161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53596"
},
{
"cve": "CVE-2023-53597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix mid leak during reconnection after timeout threshold\n\nWhen the number of responses with status of STATUS_IO_TIMEOUT\nexceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect\nthe connection. But we do not return the mid, or the credits\nreturned for the mid, or reduce the number of in-flight requests.\n\nThis bug could result in the server-\u003ein_flight count to go bad,\nand also cause a leak in the mids.\n\nThis change moves the check to a few lines below where the\nresponse is decrypted, even of the response is read from the\ntransform header. This way, the code for returning the mids\ncan be reused.\n\nAlso, the cifs_reconnect was reconnecting just the transport\nconnection before. In case of multi-channel, this may not be\nwhat we want to do after several timeouts. Changed that to\nreconnect the session and the tree too.\n\nAlso renamed NUM_STATUS_IO_TIMEOUT to a more appropriate name\nMAX_STATUS_IO_TIMEOUT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53597",
"url": "https://www.suse.com/security/cve/CVE-2023-53597"
},
{
"category": "external",
"summary": "SUSE Bug 1251159 for CVE-2023-53597",
"url": "https://bugzilla.suse.com/1251159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53597"
},
{
"cve": "CVE-2023-53599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix missing initialisation affecting gcm-aes-s390\n\nFix af_alg_alloc_areq() to initialise areq-\u003efirst_rsgl.sgl.sgt.sgl to point\nto the scatterlist array in areq-\u003efirst_rsgl.sgl.sgl.\n\nWithout this, the gcm-aes-s390 driver will oops when it tries to do\ngcm_walk_start() on req-\u003edst because req-\u003edst is set to the value of\nareq-\u003efirst_rsgl.sgl.sgl by _aead_recvmsg() calling\naead_request_set_crypt().\n\nThe problem comes if an empty ciphertext is passed: the loop in\naf_alg_get_rsgl() just passes straight out and doesn\u0027t set areq-\u003efirst_rsgl\nup.\n\nThis isn\u0027t a problem on x86_64 using gcmaes_crypt_by_sg() because, as far\nas I can tell, that ignores req-\u003edst and only uses req-\u003esrc[*].\n\n[*] Is this a bug in aesni-intel_glue.c?\n\nThe s390x oops looks something like:\n\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0000000a00000000 TEID: 0000000a00000803\n Fault in home space mode while using kernel ASCE.\n AS:00000000a43a0007 R3:0000000000000024\n Oops: 003b ilc:2 [#1] SMP\n ...\n Call Trace:\n [\u003c000003ff7fc3d47e\u003e] gcm_walk_start+0x16/0x28 [aes_s390]\n [\u003c00000000a2a342f2\u003e] crypto_aead_decrypt+0x9a/0xb8\n [\u003c00000000a2a60888\u003e] aead_recvmsg+0x478/0x698\n [\u003c00000000a2e519a0\u003e] sock_recvmsg+0x70/0xb0\n [\u003c00000000a2e51a56\u003e] sock_read_iter+0x76/0xa0\n [\u003c00000000a273e066\u003e] vfs_read+0x26e/0x2a8\n [\u003c00000000a273e8c4\u003e] ksys_read+0xbc/0x100\n [\u003c00000000a311d808\u003e] __do_syscall+0x1d0/0x1f8\n [\u003c00000000a312ff30\u003e] system_call+0x70/0x98\n Last Breaking-Event-Address:\n [\u003c000003ff7fc3e6b4\u003e] gcm_aes_crypt+0x104/0xa68 [aes_s390]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53599",
"url": "https://www.suse.com/security/cve/CVE-2023-53599"
},
{
"category": "external",
"summary": "SUSE Bug 1251150 for CVE-2023-53599",
"url": "https://bugzilla.suse.com/1251150"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53599"
},
{
"cve": "CVE-2023-53600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix kasan splat when generating ipv4 pmtu error\n\nIf we try to emit an icmp error in response to a nonliner skb, we get\n\nBUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220\nRead of size 4 at addr ffff88811c50db00 by task iperf3/1691\nCPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309\n[..]\n kasan_report+0x105/0x140\n ip_compute_csum+0x134/0x220\n iptunnel_pmtud_build_icmp+0x554/0x1020\n skb_tunnel_check_pmtu+0x513/0xb80\n vxlan_xmit_one+0x139e/0x2ef0\n vxlan_xmit+0x1867/0x2760\n dev_hard_start_xmit+0x1ee/0x4f0\n br_dev_queue_push_xmit+0x4d1/0x660\n [..]\n\nip_compute_csum() cannot deal with nonlinear skbs, so avoid it.\nAfter this change, splat is gone and iperf3 is no longer stuck.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53600",
"url": "https://www.suse.com/security/cve/CVE-2023-53600"
},
{
"category": "external",
"summary": "SUSE Bug 1251152 for CVE-2023-53600",
"url": "https://bugzilla.suse.com/1251152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53600"
},
{
"cve": "CVE-2023-53601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: do not assume skb mac_header is set\n\nDrivers must not assume in their ndo_start_xmit() that\nskbs have their mac_header set. skb-\u003edata is all what is needed.\n\nbonding seems to be one of the last offender as caught by syzbot:\n\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 skb_mac_offset include/linux/skbuff.h:2913 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 __bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nWARNING: CPU: 1 PID: 12155 at include/linux/skbuff.h:2907 bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nModules linked in:\nCPU: 1 PID: 12155 Comm: syz-executor.3 Not tainted 6.1.30-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\nRIP: 0010:skb_mac_header include/linux/skbuff.h:2907 [inline]\nRIP: 0010:skb_mac_offset include/linux/skbuff.h:2913 [inline]\nRIP: 0010:bond_xmit_hash drivers/net/bonding/bond_main.c:4170 [inline]\nRIP: 0010:bond_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5149 [inline]\nRIP: 0010:bond_3ad_xor_xmit drivers/net/bonding/bond_main.c:5186 [inline]\nRIP: 0010:__bond_start_xmit drivers/net/bonding/bond_main.c:5442 [inline]\nRIP: 0010:bond_start_xmit+0x14ab/0x19d0 drivers/net/bonding/bond_main.c:5470\nCode: 8b 7c 24 30 e8 76 dd 1a 01 48 85 c0 74 0d 48 89 c3 e8 29 67 2e fe e9 15 ef ff ff e8 1f 67 2e fe e9 10 ef ff ff e8 15 67 2e fe \u003c0f\u003e 0b e9 45 f8 ff ff e8 09 67 2e fe e9 dc fa ff ff e8 ff 66 2e fe\nRSP: 0018:ffffc90002fff6e0 EFLAGS: 00010283\nRAX: ffffffff835874db RBX: 000000000000ffff RCX: 0000000000040000\nRDX: ffffc90004dcf000 RSI: 00000000000000b5 RDI: 00000000000000b6\nRBP: ffffc90002fff8b8 R08: ffffffff83586d16 R09: ffffffff83586584\nR10: 0000000000000007 R11: ffff8881599fc780 R12: ffff88811b6a7b7e\nR13: 1ffff110236d4f6f R14: ffff88811b6a7ac0 R15: 1ffff110236d4f76\nFS: 00007f2e9eb47700(0000) GS:ffff8881f6b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b2e421000 CR3: 000000010e6d4000 CR4: 00000000003526e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cTASK\u003e\n[\u003cffffffff8471a49f\u003e] netdev_start_xmit include/linux/netdevice.h:4925 [inline]\n[\u003cffffffff8471a49f\u003e] __dev_direct_xmit+0x4ef/0x850 net/core/dev.c:4380\n[\u003cffffffff851d845b\u003e] dev_direct_xmit include/linux/netdevice.h:3043 [inline]\n[\u003cffffffff851d845b\u003e] packet_direct_xmit+0x18b/0x300 net/packet/af_packet.c:284\n[\u003cffffffff851c7472\u003e] packet_snd net/packet/af_packet.c:3112 [inline]\n[\u003cffffffff851c7472\u003e] packet_sendmsg+0x4a22/0x64d0 net/packet/af_packet.c:3143\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg_nosec net/socket.c:716 [inline]\n[\u003cffffffff8467a4b2\u003e] sock_sendmsg net/socket.c:736 [inline]\n[\u003cffffffff8467a4b2\u003e] __sys_sendto+0x472/0x5f0 net/socket.c:2139\n[\u003cffffffff8467a715\u003e] __do_sys_sendto net/socket.c:2151 [inline]\n[\u003cffffffff8467a715\u003e] __se_sys_sendto net/socket.c:2147 [inline]\n[\u003cffffffff8467a715\u003e] __x64_sys_sendto+0xe5/0x100 net/socket.c:2147\n[\u003cffffffff8553071f\u003e] do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n[\u003cffffffff8553071f\u003e] do_syscall_64+0x2f/0x50 arch/x86/entry/common.c:80\n[\u003cffffffff85600087\u003e] entry_SYSCALL_64_after_hwframe+0x63/0xcd",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53601",
"url": "https://www.suse.com/security/cve/CVE-2023-53601"
},
{
"category": "external",
"summary": "SUSE Bug 1251153 for CVE-2023-53601",
"url": "https://bugzilla.suse.com/1251153"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53601"
},
{
"cve": "CVE-2023-53602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix memory leak in WMI firmware stats\n\nMemory allocated for firmware pdev, vdev and beacon statistics\nare not released during rmmod.\n\nFix it by calling ath11k_fw_stats_free() function before hardware\nunregister.\n\nWhile at it, avoid calling ath11k_fw_stats_free() while processing\nthe firmware stats received in the WMI event because the local list\nis getting spliced and reinitialised and hence there are no elements\nin the list after splicing.\n\nTested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53602",
"url": "https://www.suse.com/security/cve/CVE-2023-53602"
},
{
"category": "external",
"summary": "SUSE Bug 1251076 for CVE-2023-53602",
"url": "https://bugzilla.suse.com/1251076"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53602"
},
{
"cve": "CVE-2023-53603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Avoid fcport pointer dereference\n\nKlocwork reported warning of NULL pointer may be dereferenced. The routine\nexits when sa_ctl is NULL and fcport is allocated after the exit call thus\ncausing NULL fcport pointer to dereference at the time of exit.\n\nTo avoid fcport pointer dereference, exit the routine when sa_ctl is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53603",
"url": "https://www.suse.com/security/cve/CVE-2023-53603"
},
{
"category": "external",
"summary": "SUSE Bug 1251180 for CVE-2023-53603",
"url": "https://bugzilla.suse.com/1251180"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53603"
},
{
"cve": "CVE-2023-53611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi_si: fix a memleak in try_smi_init()\n\nKmemleak reported the following leak info in try_smi_init():\n\nunreferenced object 0xffff00018ecf9400 (size 1024):\n comm \"modprobe\", pid 2707763, jiffies 4300851415 (age 773.308s)\n backtrace:\n [\u003c000000004ca5b312\u003e] __kmalloc+0x4b8/0x7b0\n [\u003c00000000953b1072\u003e] try_smi_init+0x148/0x5dc [ipmi_si]\n [\u003c000000006460d325\u003e] 0xffff800081b10148\n [\u003c0000000039206ea5\u003e] do_one_initcall+0x64/0x2a4\n [\u003c00000000601399ce\u003e] do_init_module+0x50/0x300\n [\u003c000000003c12ba3c\u003e] load_module+0x7a8/0x9e0\n [\u003c00000000c246fffe\u003e] __se_sys_init_module+0x104/0x180\n [\u003c00000000eea99093\u003e] __arm64_sys_init_module+0x24/0x30\n [\u003c0000000021b1ef87\u003e] el0_svc_common.constprop.0+0x94/0x250\n [\u003c0000000070f4f8b7\u003e] do_el0_svc+0x48/0xe0\n [\u003c000000005a05337f\u003e] el0_svc+0x24/0x3c\n [\u003c000000005eb248d6\u003e] el0_sync_handler+0x160/0x164\n [\u003c0000000030a59039\u003e] el0_sync+0x160/0x180\n\nThe problem was that when an error occurred before handlers registration\nand after allocating `new_smi-\u003esi_sm`, the variable wouldn\u0027t be freed in\nthe error handling afterwards since `shutdown_smi()` hadn\u0027t been\nregistered yet. Fix it by adding a `kfree()` in the error handling path\nin `try_smi_init()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53611",
"url": "https://www.suse.com/security/cve/CVE-2023-53611"
},
{
"category": "external",
"summary": "SUSE Bug 1251123 for CVE-2023-53611",
"url": "https://bugzilla.suse.com/1251123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53611"
},
{
"cve": "CVE-2023-53613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndax: Fix dax_mapping_release() use after free\n\nA CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region\nprovider (like modprobe -r dax_hmem) yields:\n\n kobject: \u0027mapping0\u0027 (ffff93eb460e8800): kobject_release, parent 0000000000000000 (delayed 2000)\n [..]\n DEBUG_LOCKS_WARN_ON(1)\n WARNING: CPU: 23 PID: 282 at kernel/locking/lockdep.c:232 __lock_acquire+0x9fc/0x2260\n [..]\n RIP: 0010:__lock_acquire+0x9fc/0x2260\n [..]\n Call Trace:\n \u003cTASK\u003e\n [..]\n lock_acquire+0xd4/0x2c0\n ? ida_free+0x62/0x130\n _raw_spin_lock_irqsave+0x47/0x70\n ? ida_free+0x62/0x130\n ida_free+0x62/0x130\n dax_mapping_release+0x1f/0x30\n device_release+0x36/0x90\n kobject_delayed_cleanup+0x46/0x150\n\nDue to attempting ida_free() on an ida object that has already been\nfreed. Devices typically only hold a reference on their parent while\nregistered. If a child needs a parent object to complete its release it\nneeds to hold a reference that it drops from its release callback.\nArrange for a dax_mapping to pin its parent dev_dax instance until\ndax_mapping_release().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53613",
"url": "https://www.suse.com/security/cve/CVE-2023-53613"
},
{
"category": "external",
"summary": "SUSE Bug 1251119 for CVE-2023-53613",
"url": "https://bugzilla.suse.com/1251119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53613"
},
{
"cve": "CVE-2023-53615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix deletion race condition\n\nSystem crash when using debug kernel due to link list corruption. The cause\nof the link list corruption is due to session deletion was allowed to queue\nup twice. Here\u0027s the internal trace that show the same port was allowed to\ndouble queue for deletion on different cpu.\n\n20808683956 015 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n20808683957 027 qla2xxx [0000:13:00.1]-e801:4: Scheduling sess ffff93ebf9306800 for deletion 50:06:0e:80:12:48:ff:50 fc4_type 1\n\nMove the clearing/setting of deleted flag lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53615",
"url": "https://www.suse.com/security/cve/CVE-2023-53615"
},
{
"category": "external",
"summary": "SUSE Bug 1251113 for CVE-2023-53615",
"url": "https://bugzilla.suse.com/1251113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53615"
},
{
"cve": "CVE-2023-53616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: fix invalid free of JFS_IP(ipimap)-\u003ei_imap in diUnmount\n\nsyzbot found an invalid-free in diUnmount:\n\nBUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline]\nBUG: KASAN: double-free in __kmem_cache_free+0x71/0x110 mm/slub.c:3674\nFree of addr ffff88806f410000 by task syz-executor131/3632\n\n CPU: 0 PID: 3632 Comm: syz-executor131 Not tainted 6.1.0-rc7-syzkaller-00012-gca57f02295f1 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022\n Call Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106\n print_address_description+0x74/0x340 mm/kasan/report.c:284\n print_report+0x107/0x1f0 mm/kasan/report.c:395\n kasan_report_invalid_free+0xac/0xd0 mm/kasan/report.c:460\n ____kasan_slab_free+0xfb/0x120\n kasan_slab_free include/linux/kasan.h:177 [inline]\n slab_free_hook mm/slub.c:1724 [inline]\n slab_free_freelist_hook+0x12e/0x1a0 mm/slub.c:1750\n slab_free mm/slub.c:3661 [inline]\n __kmem_cache_free+0x71/0x110 mm/slub.c:3674\n diUnmount+0xef/0x100 fs/jfs/jfs_imap.c:195\n jfs_umount+0x108/0x370 fs/jfs/jfs_umount.c:63\n jfs_put_super+0x86/0x190 fs/jfs/super.c:194\n generic_shutdown_super+0x130/0x310 fs/super.c:492\n kill_block_super+0x79/0xd0 fs/super.c:1428\n deactivate_locked_super+0xa7/0xf0 fs/super.c:332\n cleanup_mnt+0x494/0x520 fs/namespace.c:1186\n task_work_run+0x243/0x300 kernel/task_work.c:179\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x664/0x2070 kernel/exit.c:820\n do_group_exit+0x1fd/0x2b0 kernel/exit.c:950\n __do_sys_exit_group kernel/exit.c:961 [inline]\n __se_sys_exit_group kernel/exit.c:959 [inline]\n __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[...]\n\nJFS_IP(ipimap)-\u003ei_imap is not setting to NULL after free in diUnmount.\nIf jfs_remount() free JFS_IP(ipimap)-\u003ei_imap but then failed at diMount().\nJFS_IP(ipimap)-\u003ei_imap will be freed once again.\nFix this problem by setting JFS_IP(ipimap)-\u003ei_imap to NULL after free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53616",
"url": "https://www.suse.com/security/cve/CVE-2023-53616"
},
{
"category": "external",
"summary": "SUSE Bug 1251215 for CVE-2023-53616",
"url": "https://bugzilla.suse.com/1251215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53616"
},
{
"cve": "CVE-2023-53617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: aspeed: socinfo: Add kfree for kstrdup\n\nAdd kfree() in the later error handling in order to avoid memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53617",
"url": "https://www.suse.com/security/cve/CVE-2023-53617"
},
{
"category": "external",
"summary": "SUSE Bug 1251268 for CVE-2023-53617",
"url": "https://bugzilla.suse.com/1251268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53617"
},
{
"cve": "CVE-2023-53618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject invalid reloc tree root keys with stack dump\n\n[BUG]\nSyzbot reported a crash that an ASSERT() got triggered inside\nprepare_to_merge().\n\nThat ASSERT() makes sure the reloc tree is properly pointed back by its\nsubvolume tree.\n\n[CAUSE]\nAfter more debugging output, it turns out we had an invalid reloc tree:\n\n BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17\n\nNote the above root key is (TREE_RELOC_OBJECTID, ROOT_ITEM,\nQUOTA_TREE_OBJECTID), meaning it\u0027s a reloc tree for quota tree.\n\nBut reloc trees can only exist for subvolumes, as for non-subvolume\ntrees, we just COW the involved tree block, no need to create a reloc\ntree since those tree blocks won\u0027t be shared with other trees.\n\nOnly subvolumes tree can share tree blocks with other trees (thus they\nhave BTRFS_ROOT_SHAREABLE flag).\n\nThus this new debug output proves my previous assumption that corrupted\non-disk data can trigger that ASSERT().\n\n[FIX]\nBesides the dedicated fix and the graceful exit, also let tree-checker to\ncheck such root keys, to make sure reloc trees can only exist for subvolumes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53618",
"url": "https://www.suse.com/security/cve/CVE-2023-53618"
},
{
"category": "external",
"summary": "SUSE Bug 1251748 for CVE-2023-53618",
"url": "https://bugzilla.suse.com/1251748"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53618"
},
{
"cve": "CVE-2023-53619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: conntrack: Avoid nf_ct_helper_hash uses after free\n\nIf nf_conntrack_init_start() fails (for example due to a\nregister_nf_conntrack_bpf() failure), the nf_conntrack_helper_fini()\nclean-up path frees the nf_ct_helper_hash map.\n\nWhen built with NF_CONNTRACK=y, further netfilter modules (e.g:\nnetfilter_conntrack_ftp) can still be loaded and call\nnf_conntrack_helpers_register(), independently of whether nf_conntrack\ninitialized correctly. This accesses the nf_ct_helper_hash dangling\npointer and causes a uaf, possibly leading to random memory corruption.\n\nThis patch guards nf_conntrack_helper_register() from accessing a freed\nor uninitialized nf_ct_helper_hash pointer and fixes possible\nuses-after-free when loading a conntrack module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53619",
"url": "https://www.suse.com/security/cve/CVE-2023-53619"
},
{
"category": "external",
"summary": "SUSE Bug 1251743 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251743"
},
{
"category": "external",
"summary": "SUSE Bug 1251745 for CVE-2023-53619",
"url": "https://bugzilla.suse.com/1251745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53619"
},
{
"cve": "CVE-2023-53621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcontrol: ensure memcg acquired by id is properly set up\n\nIn the eviction recency check, we attempt to retrieve the memcg to which\nthe folio belonged when it was evicted, by the memcg id stored in the\nshadow entry. However, there is a chance that the retrieved memcg is not\nthe original memcg that has been killed, but a new one which happens to\nhave the same id.\n\nThis is a somewhat unfortunate, but acceptable and rare inaccuracy in the\nheuristics. However, if we retrieve this new memcg between its allocation\nand when it is properly attached to the memcg hierarchy, we could run into\nthe following NULL pointer exception during the memcg hierarchy traversal\ndone in mem_cgroup_get_nr_swap_pages():\n\n[ 155757.793456] BUG: kernel NULL pointer dereference, address: 00000000000000c0\n[ 155757.807568] #PF: supervisor read access in kernel mode\n[ 155757.818024] #PF: error_code(0x0000) - not-present page\n[ 155757.828482] PGD 401f77067 P4D 401f77067 PUD 401f76067 PMD 0\n[ 155757.839985] Oops: 0000 [#1] SMP\n[ 155757.887870] RIP: 0010:mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155757.899377] Code: 29 19 4a 02 48 39 f9 74 63 48 8b 97 c0 00 00 00 48 8b b7 58 02 00 00 48 2b b7 c0 01 00 00 48 39 f0 48 0f 4d c6 48 39 d1 74 42 \u003c48\u003e 8b b2 c0 00 00 00 48 8b ba 58 02 00 00 48 2b ba c0 01 00 00 48\n[ 155757.937125] RSP: 0018:ffffc9002ecdfbc8 EFLAGS: 00010286\n[ 155757.947755] RAX: 00000000003a3b1c RBX: 000007ffffffffff RCX: ffff888280183000\n[ 155757.962202] RDX: 0000000000000000 RSI: 0007ffffffffffff RDI: ffff888bbc2d1000\n[ 155757.976648] RBP: 0000000000000001 R08: 000000000000000b R09: ffff888ad9cedba0\n[ 155757.991094] R10: ffffea0039c07900 R11: 0000000000000010 R12: ffff888b23a7b000\n[ 155758.005540] R13: 0000000000000000 R14: ffff888bbc2d1000 R15: 000007ffffc71354\n[ 155758.019991] FS: 00007f6234c68640(0000) GS:ffff88903f9c0000(0000) knlGS:0000000000000000\n[ 155758.036356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 155758.048023] CR2: 00000000000000c0 CR3: 0000000a83eb8004 CR4: 00000000007706e0\n[ 155758.062473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 155758.076924] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 155758.091376] PKRU: 55555554\n[ 155758.096957] Call Trace:\n[ 155758.102016] \u003cTASK\u003e\n[ 155758.106502] ? __die+0x78/0xc0\n[ 155758.112793] ? page_fault_oops+0x286/0x380\n[ 155758.121175] ? exc_page_fault+0x5d/0x110\n[ 155758.129209] ? asm_exc_page_fault+0x22/0x30\n[ 155758.137763] ? mem_cgroup_get_nr_swap_pages+0x3d/0xb0\n[ 155758.148060] workingset_test_recent+0xda/0x1b0\n[ 155758.157133] workingset_refault+0xca/0x1e0\n[ 155758.165508] filemap_add_folio+0x4d/0x70\n[ 155758.173538] page_cache_ra_unbounded+0xed/0x190\n[ 155758.182919] page_cache_sync_ra+0xd6/0x1e0\n[ 155758.191738] filemap_read+0x68d/0xdf0\n[ 155758.199495] ? mlx5e_napi_poll+0x123/0x940\n[ 155758.207981] ? __napi_schedule+0x55/0x90\n[ 155758.216095] __x64_sys_pread64+0x1d6/0x2c0\n[ 155758.224601] do_syscall_64+0x3d/0x80\n[ 155758.232058] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n[ 155758.242473] RIP: 0033:0x7f62c29153b5\n[ 155758.249938] Code: e8 48 89 75 f0 89 7d f8 48 89 4d e0 e8 b4 e6 f7 ff 41 89 c0 4c 8b 55 e0 48 8b 55 e8 48 8b 75 f0 8b 7d f8 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 33 44 89 c7 48 89 45 f8 e8 e7 e6 f7 ff 48 8b\n[ 155758.288005] RSP: 002b:00007f6234c5ffd0 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 155758.303474] RAX: ffffffffffffffda RBX: 00007f628c4e70c0 RCX: 00007f62c29153b5\n[ 155758.318075] RDX: 000000000003c041 RSI: 00007f61d2986000 RDI: 0000000000000076\n[ 155758.332678] RBP: 00007f6234c5fff0 R08: 0000000000000000 R09: 0000000064d5230c\n[ 155758.347452] R10: 000000000027d450 R11: 0000000000000293 R12: 000000000003c041\n[ 155758.362044] R13: 00007f61d2986000 R14: 00007f629e11b060 R15: 000000000027d450\n[ 155758.376661] \u003c/TASK\u003e\n\nThis patch fixes the issue by moving the memcg\u0027s id publication from the\nalloc stage to \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53621",
"url": "https://www.suse.com/security/cve/CVE-2023-53621"
},
{
"category": "external",
"summary": "SUSE Bug 1251323 for CVE-2023-53621",
"url": "https://bugzilla.suse.com/1251323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53621"
},
{
"cve": "CVE-2023-53622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix possible data races in gfs2_show_options()\n\nSome fields such as gt_logd_secs of the struct gfs2_tune are accessed\nwithout holding the lock gt_spin in gfs2_show_options():\n\n val = sdp-\u003esd_tune.gt_logd_secs;\n if (val != 30)\n seq_printf(s, \",commit=%d\", val);\n\nAnd thus can cause data races when gfs2_show_options() and other functions\nsuch as gfs2_reconfigure() are concurrently executed:\n\n spin_lock(\u0026gt-\u003egt_spin);\n gt-\u003egt_logd_secs = newargs-\u003ear_commit;\n\nTo fix these possible data races, the lock sdp-\u003esd_tune.gt_spin is\nacquired before accessing the fields of gfs2_tune and released after these\naccesses.\n\nFurther changes by Andreas:\n\n- Don\u0027t hold the spin lock over the seq_printf operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53622",
"url": "https://www.suse.com/security/cve/CVE-2023-53622"
},
{
"category": "external",
"summary": "SUSE Bug 1251777 for CVE-2023-53622",
"url": "https://bugzilla.suse.com/1251777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53622"
},
{
"cve": "CVE-2023-53631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53631"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-sysman: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(),\na reference to that attribute is returned. This means\nthat we need to dispose it accordingly. Use kobject_put()\nto dispose the duplicate attribute in such a case.\n\nCompile-tested only.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53631",
"url": "https://www.suse.com/security/cve/CVE-2023-53631"
},
{
"category": "external",
"summary": "SUSE Bug 1251529 for CVE-2023-53631",
"url": "https://bugzilla.suse.com/1251529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53631"
},
{
"cve": "CVE-2023-53632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53632"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Take RTNL lock when needed before calling xdp_set_features()\n\nHold RTNL lock when calling xdp_set_features() with a registered netdev,\nas the call triggers the netdev notifiers. This could happen when\nswitching from uplink rep to nic profile for example.\n\nThis resolves the following call trace:\n\nRTNL: assertion failed at net/core/dev.c (1953)\nWARNING: CPU: 6 PID: 112670 at net/core/dev.c:1953 call_netdevice_notifiers_info+0x7c/0x80\nModules linked in: sch_mqprio sch_mqprio_lib act_tunnel_key act_mirred act_skbedit cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress bonding ib_umad ip_gre rdma_ucm mlx5_vfio_pci ipip tunnel4 ip6_gre gre mlx5_ib vfio_pci vfio_pci_core vfio_iommu_type1 ib_uverbs vfio mlx5_core ib_ipoib geneve nf_tables ip6_tunnel tunnel6 iptable_raw openvswitch nsh rpcrdma ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm ib_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay zram zsmalloc fuse [last unloaded: ib_uverbs]\nCPU: 6 PID: 112670 Comm: devlink Not tainted 6.4.0-rc7_for_upstream_min_debug_2023_06_28_17_02 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:call_netdevice_notifiers_info+0x7c/0x80\nCode: 90 ff 80 3d 2d 6b f7 00 00 75 c5 ba a1 07 00 00 48 c7 c6 e4 ce 0b 82 48 c7 c7 c8 f4 04 82 c6 05 11 6b f7 00 01 e8 a4 7c 8e ff \u003c0f\u003e 0b eb a2 0f 1f 44 00 00 55 48 89 e5 41 54 48 83 e4 f0 48 83 ec\nRSP: 0018:ffff8882a21c3948 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff82e6f880 RCX: 0000000000000027\nRDX: ffff88885f99b5c8 RSI: 0000000000000001 RDI: ffff88885f99b5c0\nRBP: 0000000000000028 R08: ffff88887ffabaa8 R09: 0000000000000003\nR10: ffff88887fecbac0 R11: ffff88887ff7bac0 R12: ffff8882a21c3968\nR13: ffff88811c018940 R14: 0000000000000000 R15: ffff8881274401a0\nFS: 00007fe141c81800(0000) GS:ffff88885f980000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f787c28b948 CR3: 000000014bcf3005 CR4: 0000000000370ea0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x79/0x120\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? report_bug+0x17c/0x190\n ? handle_bug+0x3c/0x60\n ? exc_invalid_op+0x14/0x70\n ? asm_exc_invalid_op+0x16/0x20\n ? call_netdevice_notifiers_info+0x7c/0x80\n ? call_netdevice_notifiers_info+0x7c/0x80\n call_netdevice_notifiers+0x2e/0x50\n mlx5e_set_xdp_feature+0x21/0x50 [mlx5_core]\n mlx5e_nic_init+0xf1/0x1a0 [mlx5_core]\n mlx5e_netdev_init_profile+0x76/0x110 [mlx5_core]\n mlx5e_netdev_attach_profile+0x1f/0x90 [mlx5_core]\n mlx5e_netdev_change_profile+0x92/0x160 [mlx5_core]\n mlx5e_netdev_attach_nic_profile+0x1b/0x30 [mlx5_core]\n mlx5e_vport_rep_unload+0xaa/0xc0 [mlx5_core]\n __esw_offloads_unload_rep+0x52/0x60 [mlx5_core]\n mlx5_esw_offloads_rep_unload+0x52/0x70 [mlx5_core]\n esw_offloads_unload_rep+0x34/0x70 [mlx5_core]\n esw_offloads_disable+0x2b/0x90 [mlx5_core]\n mlx5_eswitch_disable_locked+0x1b9/0x210 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0xf5/0x630 [mlx5_core]\n ? devlink_get_from_attrs_lock+0x9e/0x110\n devlink_nl_cmd_eswitch_set_doit+0x60/0xe0\n genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n genl_rcv_msg+0x17d/0x2b0\n ? devlink_get_from_attrs_lock+0x110/0x110\n ? devlink_nl_cmd_eswitch_get_doit+0x290/0x290\n ? devlink_pernet_pre_exit+0xf0/0xf0\n ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1f6/0x2c0\n netlink_sendmsg+0x232/0x4a0\n sock_sendmsg+0x38/0x60\n ? _copy_from_user+0x2a/0x60\n __sys_sendto+0x110/0x160\n ? __count_memcg_events+0x48/0x90\n ? handle_mm_fault+0x161/0x260\n ? do_user_addr_fault+0x278/0x6e0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53632",
"url": "https://www.suse.com/security/cve/CVE-2023-53632"
},
{
"category": "external",
"summary": "SUSE Bug 1251269 for CVE-2023-53632",
"url": "https://bugzilla.suse.com/1251269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53632"
},
{
"cve": "CVE-2023-53633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53633"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/qaic: Fix a leak in map_user_pages()\n\nIf get_user_pages_fast() allocates some pages but not as many as we\nwanted, then the current code leaks those pages. Call put_page() on\nthe pages before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53633",
"url": "https://www.suse.com/security/cve/CVE-2023-53633"
},
{
"category": "external",
"summary": "SUSE Bug 1251746 for CVE-2023-53633",
"url": "https://bugzilla.suse.com/1251746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53633"
},
{
"cve": "CVE-2023-53638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53638"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: cancel queued works in probe error path\n\nIf it fails to get the devices\u0027s MAC address, octep_probe exits while\nleaving the delayed work intr_poll_task queued. When the work later\nruns, it\u0027s a use after free.\n\nMove the cancelation of intr_poll_task from octep_remove into\noctep_device_cleanup. This does not change anything in the octep_remove\nflow, but octep_device_cleanup is called also in the octep_probe error\npath, where the cancelation is needed.\n\nNote that the cancelation of ctrl_mbox_task has to follow\nintr_poll_task\u0027s, because the ctrl_mbox_task may be queued by\nintr_poll_task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53638",
"url": "https://www.suse.com/security/cve/CVE-2023-53638"
},
{
"category": "external",
"summary": "SUSE Bug 1251328 for CVE-2023-53638",
"url": "https://bugzilla.suse.com/1251328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53638"
},
{
"cve": "CVE-2023-53645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53645"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make bpf_refcount_acquire fallible for non-owning refs\n\nThis patch fixes an incorrect assumption made in the original\nbpf_refcount series [0], specifically that the BPF program calling\nbpf_refcount_acquire on some node can always guarantee that the node is\nalive. In that series, the patch adding failure behavior to rbtree_add\nand list_push_{front, back} breaks this assumption for non-owning\nreferences.\n\nConsider the following program:\n\n n = bpf_kptr_xchg(\u0026mapval, NULL);\n /* skip error checking */\n\n bpf_spin_lock(\u0026l);\n if(bpf_rbtree_add(\u0026t, \u0026n-\u003erb, less)) {\n bpf_refcount_acquire(n);\n /* Failed to add, do something else with the node */\n }\n bpf_spin_unlock(\u0026l);\n\nIt\u0027s incorrect to assume that bpf_refcount_acquire will always succeed in this\nscenario. bpf_refcount_acquire is being called in a critical section\nhere, but the lock being held is associated with rbtree t, which isn\u0027t\nnecessarily the lock associated with the tree that the node is already\nin. So after bpf_rbtree_add fails to add the node and calls bpf_obj_drop\nin it, the program has no ownership of the node\u0027s lifetime. Therefore\nthe node\u0027s refcount can be decr\u0027d to 0 at any time after the failing\nrbtree_add. If this happens before the refcount_acquire above, the node\nmight be free\u0027d, and regardless refcount_acquire will be incrementing a\n0 refcount.\n\nLater patches in the series exercise this scenario, resulting in the\nexpected complaint from the kernel (without this patch\u0027s changes):\n\n refcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 207 at lib/refcount.c:25 refcount_warn_saturate+0xbc/0x110\n Modules linked in: bpf_testmod(O)\n CPU: 1 PID: 207 Comm: test_progs Tainted: G O 6.3.0-rc7-02231-g723de1a718a2-dirty #371\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014\n RIP: 0010:refcount_warn_saturate+0xbc/0x110\n Code: 6f 64 f6 02 01 e8 84 a3 5c ff 0f 0b eb 9d 80 3d 5e 64 f6 02 00 75 94 48 c7 c7 e0 13 d2 82 c6 05 4e 64 f6 02 01 e8 64 a3 5c ff \u003c0f\u003e 0b e9 7a ff ff ff 80 3d 38 64 f6 02 00 0f 85 6d ff ff ff 48 c7\n RSP: 0018:ffff88810b9179b0 EFLAGS: 00010082\n RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000\n RDX: 0000000000000202 RSI: 0000000000000008 RDI: ffffffff857c3680\n RBP: ffff88810027d3c0 R08: ffffffff8125f2a4 R09: ffff88810b9176e7\n R10: ffffed1021722edc R11: 746e756f63666572 R12: ffff88810027d388\n R13: ffff88810027d3c0 R14: ffffc900005fe030 R15: ffffc900005fe048\n FS: 00007fee0584a700(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005634a96f6c58 CR3: 0000000108ce9002 CR4: 0000000000770ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n bpf_refcount_acquire_impl+0xb5/0xc0\n\n (rest of output snipped)\n\nThe patch addresses this by changing bpf_refcount_acquire_impl to use\nrefcount_inc_not_zero instead of refcount_inc and marking\nbpf_refcount_acquire KF_RET_NULL.\n\nFor owning references, though, we know the above scenario is not possible\nand thus that bpf_refcount_acquire will always succeed. Some verifier\nbookkeeping is added to track \"is input owning ref?\" for bpf_refcount_acquire\ncalls and return false from is_kfunc_ret_null for bpf_refcount_acquire on\nowning refs despite it being marked KF_RET_NULL.\n\nExisting selftests using bpf_refcount_acquire are modified where\nnecessary to NULL-check its return value.\n\n [0]: https://lore.kernel.org/bpf/20230415201811.343116-1-davemarchevsky@fb.com/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53645",
"url": "https://www.suse.com/security/cve/CVE-2023-53645"
},
{
"category": "external",
"summary": "SUSE Bug 1251321 for CVE-2023-53645",
"url": "https://bugzilla.suse.com/1251321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53645"
},
{
"cve": "CVE-2023-53646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53646"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/perf: add sentinel to xehp_oa_b_counters\n\nArrays passed to reg_in_range_table should end with empty record.\n\nThe patch solves KASAN detected bug with signature:\nBUG: KASAN: global-out-of-bounds in xehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\nRead of size 4 at addr ffffffffa1555d90 by task perf/1518\n\nCPU: 4 PID: 1518 Comm: perf Tainted: G U 6.4.0-kasan_438-g3303d06107f3+ #1\nHardware name: Intel Corporation Meteor Lake Client Platform/MTL-P DDR5 SODIMM SBS RVP, BIOS MTLPFWI1.R00.3223.D80.2305311348 05/31/2023\nCall Trace:\n\u003cTASK\u003e\n...\nxehp_is_valid_b_counter_addr+0x2c7/0x350 [i915]\n\n(cherry picked from commit 2f42c5afb34b5696cf5fe79e744f99be9b218798)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53646",
"url": "https://www.suse.com/security/cve/CVE-2023-53646"
},
{
"category": "external",
"summary": "SUSE Bug 1251742 for CVE-2023-53646",
"url": "https://bugzilla.suse.com/1251742"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53646"
},
{
"cve": "CVE-2023-53647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53647"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t dereference ACPI root object handle\n\nSince the commit referenced in the Fixes: tag below the VMBus client driver\nis walking the ACPI namespace up from the VMBus ACPI device to the ACPI\nnamespace root object trying to find Hyper-V MMIO ranges.\n\nHowever, if it is not able to find them it ends trying to walk resources of\nthe ACPI namespace root object itself.\nThis object has all-ones handle, which causes a NULL pointer dereference\nin the ACPI code (from dereferencing this pointer with an offset).\n\nThis in turn causes an oops on boot with VMBus host implementations that do\nnot provide Hyper-V MMIO ranges in their VMBus ACPI device or its\nancestors.\nThe QEMU VMBus implementation is an example of such implementation.\n\nI guess providing these ranges is optional, since all tested Windows\nversions seem to be able to use VMBus devices without them.\n\nFix this by explicitly terminating the lookup at the ACPI namespace root\nobject.\n\nNote that Linux guests under KVM/QEMU do not use the Hyper-V PV interface\nby default - they only do so if the KVM PV interface is missing or\ndisabled.\n\nExample stack trace of such oops:\n[ 3.710827] ? __die+0x1f/0x60\n[ 3.715030] ? page_fault_oops+0x159/0x460\n[ 3.716008] ? exc_page_fault+0x73/0x170\n[ 3.716959] ? asm_exc_page_fault+0x22/0x30\n[ 3.717957] ? acpi_ns_lookup+0x7a/0x4b0\n[ 3.718898] ? acpi_ns_internalize_name+0x79/0xc0\n[ 3.720018] acpi_ns_get_node_unlocked+0xb5/0xe0\n[ 3.721120] ? acpi_ns_check_object_type+0xfe/0x200\n[ 3.722285] ? acpi_rs_convert_aml_to_resource+0x37/0x6e0\n[ 3.723559] ? down_timeout+0x3a/0x60\n[ 3.724455] ? acpi_ns_get_node+0x3a/0x60\n[ 3.725412] acpi_ns_get_node+0x3a/0x60\n[ 3.726335] acpi_ns_evaluate+0x1c3/0x2c0\n[ 3.727295] acpi_ut_evaluate_object+0x64/0x1b0\n[ 3.728400] acpi_rs_get_method_data+0x2b/0x70\n[ 3.729476] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.730940] ? vmbus_platform_driver_probe+0x1d0/0x1d0 [hv_vmbus]\n[ 3.732411] acpi_walk_resources+0x78/0xd0\n[ 3.733398] vmbus_platform_driver_probe+0x9f/0x1d0 [hv_vmbus]\n[ 3.734802] platform_probe+0x3d/0x90\n[ 3.735684] really_probe+0x19b/0x400\n[ 3.736570] ? __device_attach_driver+0x100/0x100\n[ 3.737697] __driver_probe_device+0x78/0x160\n[ 3.738746] driver_probe_device+0x1f/0x90\n[ 3.739743] __driver_attach+0xc2/0x1b0\n[ 3.740671] bus_for_each_dev+0x70/0xc0\n[ 3.741601] bus_add_driver+0x10e/0x210\n[ 3.742527] driver_register+0x55/0xf0\n[ 3.744412] ? 0xffffffffc039a000\n[ 3.745207] hv_acpi_init+0x3c/0x1000 [hv_vmbus]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53647",
"url": "https://www.suse.com/security/cve/CVE-2023-53647"
},
{
"category": "external",
"summary": "SUSE Bug 1251732 for CVE-2023-53647",
"url": "https://bugzilla.suse.com/1251732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53647"
},
{
"cve": "CVE-2023-53648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53648"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer\n\nsmatch error:\nsound/pci/ac97/ac97_codec.c:2354 snd_ac97_mixer() error:\nwe previously assumed \u0027rac97\u0027 could be null (see line 2072)\n\nremove redundant assignment, return error if rac97 is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53648",
"url": "https://www.suse.com/security/cve/CVE-2023-53648"
},
{
"category": "external",
"summary": "SUSE Bug 1251750 for CVE-2023-53648",
"url": "https://bugzilla.suse.com/1251750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53648"
},
{
"cve": "CVE-2023-53649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53649"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf trace: Really free the evsel-\u003epriv area\n\nIn 3cb4d5e00e037c70 (\"perf trace: Free syscall tp fields in\nevsel-\u003epriv\") it only was freeing if strcmp(evsel-\u003etp_format-\u003esystem,\n\"syscalls\") returned zero, while the corresponding initialization of\nevsel-\u003epriv was being performed if it was _not_ zero, i.e. if the tp\nsystem wasn\u0027t \u0027syscalls\u0027.\n\nJust stop looking for that and free it if evsel-\u003epriv was set, which\nshould be equivalent.\n\nAlso use the pre-existing evsel_trace__delete() function.\n\nThis resolves these leaks, detected with:\n\n $ make EXTRA_CFLAGS=\"-fsanitize=address\" BUILD_BPF_SKEL=1 CORESIGHT=1 O=/tmp/build/perf-tools-next -C tools/perf install-bin\n\n =================================================================\n ==481565==ERROR: LeakSanitizer: detected memory leaks\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540e8b in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3212\n #7 0x540e8b in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540e8b in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n Direct leak of 40 byte(s) in 1 object(s) allocated from:\n #0 0x7f7343cba097 in calloc (/lib64/libasan.so.8+0xba097)\n #1 0x987966 in zalloc (/home/acme/bin/perf+0x987966)\n #2 0x52f9b9 in evsel_trace__new /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:307\n #3 0x52f9b9 in evsel__syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:333\n #4 0x52f9b9 in evsel__init_raw_syscall_tp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:458\n #5 0x52f9b9 in perf_evsel__raw_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:480\n #6 0x540dd1 in trace__add_syscall_newtp /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3205\n #7 0x540dd1 in trace__run /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:3891\n #8 0x540dd1 in cmd_trace /home/acme/git/perf-tools-next/tools/perf/builtin-trace.c:5156\n #9 0x5ef262 in run_builtin /home/acme/git/perf-tools-next/tools/perf/perf.c:323\n #10 0x4196da in handle_internal_command /home/acme/git/perf-tools-next/tools/perf/perf.c:377\n #11 0x4196da in run_argv /home/acme/git/perf-tools-next/tools/perf/perf.c:421\n #12 0x4196da in main /home/acme/git/perf-tools-next/tools/perf/perf.c:537\n #13 0x7f7342c4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)\n\n SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).\n [root@quaco ~]#\n\nWith this we plug all leaks with \"perf trace sleep 1\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53649",
"url": "https://www.suse.com/security/cve/CVE-2023-53649"
},
{
"category": "external",
"summary": "SUSE Bug 1251749 for CVE-2023-53649",
"url": "https://bugzilla.suse.com/1251749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53649"
},
{
"cve": "CVE-2023-53650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53650"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()\n\nIf \u0027mipid_detect()\u0027 fails, we must free \u0027md\u0027 to avoid a memory leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53650",
"url": "https://www.suse.com/security/cve/CVE-2023-53650"
},
{
"category": "external",
"summary": "SUSE Bug 1251283 for CVE-2023-53650",
"url": "https://bugzilla.suse.com/1251283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53650"
},
{
"cve": "CVE-2023-53652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53652"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvdpa: Add features attr to vdpa_nl_policy for nlattr length check\n\nThe vdpa_nl_policy structure is used to validate the nlattr when parsing\nthe incoming nlmsg. It will ensure the attribute being described produces\na valid nlattr pointer in info-\u003eattrs before entering into each handler\nin vdpa_nl_ops.\n\nThat is to say, the missing part in vdpa_nl_policy may lead to illegal\nnlattr after parsing, which could lead to OOB read just like CVE-2023-3773.\n\nThis patch adds the missing nla_policy for vdpa features attr to avoid\nsuch bugs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53652",
"url": "https://www.suse.com/security/cve/CVE-2023-53652"
},
{
"category": "external",
"summary": "SUSE Bug 1251754 for CVE-2023-53652",
"url": "https://bugzilla.suse.com/1251754"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53652"
},
{
"cve": "CVE-2023-53653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: amphion: fix REVERSE_INULL issues reported by coverity\n\nnull-checking of a pointor is suggested before dereferencing it",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53653",
"url": "https://www.suse.com/security/cve/CVE-2023-53653"
},
{
"category": "external",
"summary": "SUSE Bug 1251755 for CVE-2023-53653",
"url": "https://bugzilla.suse.com/1251755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53653"
},
{
"cve": "CVE-2023-53654",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53654"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: Add validation before accessing cgx and lmac\n\nwith the addition of new MAC blocks like CN10K RPM and CN10KB\nRPM_USX, LMACs are noncontiguous and CGX blocks are also\nnoncontiguous. But during RVU driver initialization, the driver\nis assuming they are contiguous and trying to access\ncgx or lmac with their id which is resulting in kernel panic.\n\nThis patch fixes the issue by adding proper checks.\n\n[ 23.219150] pc : cgx_lmac_read+0x38/0x70\n[ 23.219154] lr : rvu_program_channels+0x3f0/0x498\n[ 23.223852] sp : ffff000100d6fc80\n[ 23.227158] x29: ffff000100d6fc80 x28: ffff00010009f880 x27:\n000000000000005a\n[ 23.234288] x26: ffff000102586768 x25: 0000000000002500 x24:\nfffffffffff0f000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53654",
"url": "https://www.suse.com/security/cve/CVE-2023-53654"
},
{
"category": "external",
"summary": "SUSE Bug 1251756 for CVE-2023-53654",
"url": "https://bugzilla.suse.com/1251756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53654"
},
{
"cve": "CVE-2023-53656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53656"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers/perf: hisi: Don\u0027t migrate perf to the CPU going to teardown\n\nThe driver needs to migrate the perf context if the current using CPU going\nto teardown. By the time calling the cpuhp::teardown() callback the\ncpu_online_mask() hasn\u0027t updated yet and still includes the CPU going to\nteardown. In current driver\u0027s implementation we may migrate the context\nto the teardown CPU and leads to the below calltrace:\n\n...\n[ 368.104662][ T932] task:cpuhp/0 state:D stack: 0 pid: 15 ppid: 2 flags:0x00000008\n[ 368.113699][ T932] Call trace:\n[ 368.116834][ T932] __switch_to+0x7c/0xbc\n[ 368.120924][ T932] __schedule+0x338/0x6f0\n[ 368.125098][ T932] schedule+0x50/0xe0\n[ 368.128926][ T932] schedule_preempt_disabled+0x18/0x24\n[ 368.134229][ T932] __mutex_lock.constprop.0+0x1d4/0x5dc\n[ 368.139617][ T932] __mutex_lock_slowpath+0x1c/0x30\n[ 368.144573][ T932] mutex_lock+0x50/0x60\n[ 368.148579][ T932] perf_pmu_migrate_context+0x84/0x2b0\n[ 368.153884][ T932] hisi_pcie_pmu_offline_cpu+0x90/0xe0 [hisi_pcie_pmu]\n[ 368.160579][ T932] cpuhp_invoke_callback+0x2a0/0x650\n[ 368.165707][ T932] cpuhp_thread_fun+0xe4/0x190\n[ 368.170316][ T932] smpboot_thread_fn+0x15c/0x1a0\n[ 368.175099][ T932] kthread+0x108/0x13c\n[ 368.179012][ T932] ret_from_fork+0x10/0x18\n...\n\nUse function cpumask_any_but() to find one correct active cpu to fixes\nthis issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53656",
"url": "https://www.suse.com/security/cve/CVE-2023-53656"
},
{
"category": "external",
"summary": "SUSE Bug 1251758 for CVE-2023-53656",
"url": "https://bugzilla.suse.com/1251758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53656"
},
{
"cve": "CVE-2023-53657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53657"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don\u0027t tx before switchdev is fully configured\n\nThere is possibility that ice_eswitch_port_start_xmit might be\ncalled while some resources are still not allocated which might\ncause NULL pointer dereference. Fix this by checking if switchdev\nconfiguration was finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53657",
"url": "https://www.suse.com/security/cve/CVE-2023-53657"
},
{
"category": "external",
"summary": "SUSE Bug 1251319 for CVE-2023-53657",
"url": "https://bugzilla.suse.com/1251319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53657"
},
{
"cve": "CVE-2023-53658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53658"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: bcm-qspi: return error if neither hif_mspi nor mspi is available\n\nIf neither a \"hif_mspi\" nor \"mspi\" resource is present, the driver will\njust early exit in probe but still return success. Apart from not doing\nanything meaningful, this would then also lead to a null pointer access\non removal, as platform_get_drvdata() would return NULL, which it would\nthen try to dereference when trying to unregister the spi master.\n\nFix this by unconditionally calling devm_ioremap_resource(), as it can\nhandle a NULL res and will then return a viable ERR_PTR() if we get one.\n\nThe \"return 0;\" was previously a \"goto qspi_resource_err;\" where then\nret was returned, but since ret was still initialized to 0 at this place\nthis was a valid conversion in 63c5395bb7a9 (\"spi: bcm-qspi: Fix\nuse-after-free on unbind\"). The issue was not introduced by this commit,\nonly made more obvious.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53658",
"url": "https://www.suse.com/security/cve/CVE-2023-53658"
},
{
"category": "external",
"summary": "SUSE Bug 1251759 for CVE-2023-53658",
"url": "https://bugzilla.suse.com/1251759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53658"
},
{
"cve": "CVE-2023-53659",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53659"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Fix out-of-bounds when setting channels on remove\n\nIf we set channels greater during iavf_remove(), and waiting reset done\nwould be timeout, then returned with error but changed num_active_queues\ndirectly, that will lead to OOB like the following logs. Because the\nnum_active_queues is greater than tx/rx_rings[] allocated actually.\n\nReproducer:\n\n [root@host ~]# cat repro.sh\n #!/bin/bash\n\n pf_dbsf=\"0000:41:00.0\"\n vf0_dbsf=\"0000:41:02.0\"\n g_pids=()\n\n function do_set_numvf()\n {\n echo 2 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n echo 0 \u003e/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs\n sleep $((RANDOM%3+1))\n }\n\n function do_set_channel()\n {\n local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/)\n [ -z \"$nic\" ] \u0026\u0026 { sleep $((RANDOM%3)) ; return 1; }\n ifconfig $nic 192.168.18.5 netmask 255.255.255.0\n ifconfig $nic up\n ethtool -L $nic combined 1\n ethtool -L $nic combined 4\n sleep $((RANDOM%3))\n }\n\n function on_exit()\n {\n local pid\n for pid in \"${g_pids[@]}\"; do\n kill -0 \"$pid\" \u0026\u003e/dev/null \u0026\u0026 kill \"$pid\" \u0026\u003e/dev/null\n done\n g_pids=()\n }\n\n trap \"on_exit; exit\" EXIT\n\n while :; do do_set_numvf ; done \u0026\n g_pids+=($!)\n while :; do do_set_channel ; done \u0026\n g_pids+=($!)\n\n wait\n\nResult:\n\n[ 3506.152887] iavf 0000:41:02.0: Removing device\n[ 3510.400799] ==================================================================\n[ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536\n[ 3510.400823]\n[ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1\n[ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021\n[ 3510.400835] Call Trace:\n[ 3510.400851] dump_stack+0x71/0xab\n[ 3510.400860] print_address_description+0x6b/0x290\n[ 3510.400865] ? iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400868] kasan_report+0x14a/0x2b0\n[ 3510.400873] iavf_free_all_tx_resources+0x156/0x160 [iavf]\n[ 3510.400880] iavf_remove+0x2b6/0xc70 [iavf]\n[ 3510.400884] ? iavf_free_all_rx_resources+0x160/0x160 [iavf]\n[ 3510.400891] ? wait_woken+0x1d0/0x1d0\n[ 3510.400895] ? notifier_call_chain+0xc1/0x130\n[ 3510.400903] pci_device_remove+0xa8/0x1f0\n[ 3510.400910] device_release_driver_internal+0x1c6/0x460\n[ 3510.400916] pci_stop_bus_device+0x101/0x150\n[ 3510.400919] pci_stop_and_remove_bus_device+0xe/0x20\n[ 3510.400924] pci_iov_remove_virtfn+0x187/0x420\n[ 3510.400927] ? pci_iov_add_virtfn+0xe10/0xe10\n[ 3510.400929] ? pci_get_subsys+0x90/0x90\n[ 3510.400932] sriov_disable+0xed/0x3e0\n[ 3510.400936] ? bus_find_device+0x12d/0x1a0\n[ 3510.400953] i40e_free_vfs+0x754/0x1210 [i40e]\n[ 3510.400966] ? i40e_reset_all_vfs+0x880/0x880 [i40e]\n[ 3510.400968] ? pci_get_device+0x7c/0x90\n[ 3510.400970] ? pci_get_subsys+0x90/0x90\n[ 3510.400982] ? pci_vfs_assigned.part.7+0x144/0x210\n[ 3510.400987] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.400996] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e]\n[ 3510.401001] sriov_numvfs_store+0x214/0x290\n[ 3510.401005] ? sriov_totalvfs_show+0x30/0x30\n[ 3510.401007] ? __mutex_lock_slowpath+0x10/0x10\n[ 3510.401011] ? __check_object_size+0x15a/0x350\n[ 3510.401018] kernfs_fop_write+0x280/0x3f0\n[ 3510.401022] vfs_write+0x145/0x440\n[ 3510.401025] ksys_write+0xab/0x160\n[ 3510.401028] ? __ia32_sys_read+0xb0/0xb0\n[ 3510.401031] ? fput_many+0x1a/0x120\n[ 3510.401032] ? filp_close+0xf0/0x130\n[ 3510.401038] do_syscall_64+0xa0/0x370\n[ 3510.401041] ? page_fault+0x8/0x30\n[ 3510.401043] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 3510.401073] RIP: 0033:0x7f3a9bb842c0\n[ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 \u003c48\u003e 3d \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53659",
"url": "https://www.suse.com/security/cve/CVE-2023-53659"
},
{
"category": "external",
"summary": "SUSE Bug 1251247 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251247"
},
{
"category": "external",
"summary": "SUSE Bug 1251248 for CVE-2023-53659",
"url": "https://bugzilla.suse.com/1251248"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2023-53659"
},
{
"cve": "CVE-2023-53660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53660"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, cpumap: Handle skb as well when clean up ptr_ring\n\nThe following warning was reported when running xdp_redirect_cpu with\nboth skb-mode and stress-mode enabled:\n\n ------------[ cut here ]------------\n Incorrect XDP memory type (-2128176192) usage\n WARNING: CPU: 7 PID: 1442 at net/core/xdp.c:405\n Modules linked in:\n CPU: 7 PID: 1442 Comm: kworker/7:0 Tainted: G 6.5.0-rc2+ #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)\n Workqueue: events __cpu_map_entry_free\n RIP: 0010:__xdp_return+0x1e4/0x4a0\n ......\n Call Trace:\n \u003cTASK\u003e\n ? show_regs+0x65/0x70\n ? __warn+0xa5/0x240\n ? __xdp_return+0x1e4/0x4a0\n ......\n xdp_return_frame+0x4d/0x150\n __cpu_map_entry_free+0xf9/0x230\n process_one_work+0x6b0/0xb80\n worker_thread+0x96/0x720\n kthread+0x1a5/0x1f0\n ret_from_fork+0x3a/0x70\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nThe reason for the warning is twofold. One is due to the kthread\ncpu_map_kthread_run() is stopped prematurely. Another one is\n__cpu_map_ring_cleanup() doesn\u0027t handle skb mode and treats skbs in\nptr_ring as XDP frames.\n\nPrematurely-stopped kthread will be fixed by the preceding patch and\nptr_ring will be empty when __cpu_map_ring_cleanup() is called. But\nas the comments in __cpu_map_ring_cleanup() said, handling and freeing\nskbs in ptr_ring as well to \"catch any broken behaviour gracefully\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53660",
"url": "https://www.suse.com/security/cve/CVE-2023-53660"
},
{
"category": "external",
"summary": "SUSE Bug 1251721 for CVE-2023-53660",
"url": "https://bugzilla.suse.com/1251721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53660"
},
{
"cve": "CVE-2023-53662",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53662"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}\n\nIf the filename casefolding fails, we\u0027ll be leaking memory from the\nfscrypt_name struct, namely from the \u0027crypto_buf.name\u0027 member.\n\nMake sure we free it in the error path on both ext4_fname_setup_filename()\nand ext4_fname_prepare_lookup() functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53662",
"url": "https://www.suse.com/security/cve/CVE-2023-53662"
},
{
"category": "external",
"summary": "SUSE Bug 1251282 for CVE-2023-53662",
"url": "https://bugzilla.suse.com/1251282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53662"
},
{
"cve": "CVE-2023-53663",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53663"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Check instead of asserting on nested TSC scaling support\n\nCheck for nested TSC scaling support on nested SVM VMRUN instead of\nasserting that TSC scaling is exposed to L1 if L1\u0027s MSR_AMD64_TSC_RATIO\nhas diverged from KVM\u0027s default. Userspace can trigger the WARN at will\nby writing the MSR and then updating guest CPUID to hide the feature\n(modifying guest CPUID is allowed anytime before KVM_RUN). E.g. hacking\nKVM\u0027s state_test selftest to do\n\n\t\tvcpu_set_msr(vcpu, MSR_AMD64_TSC_RATIO, 0);\n\t\tvcpu_clear_cpuid_feature(vcpu, X86_FEATURE_TSCRATEMSR);\n\nafter restoring state in a new VM+vCPU yields an endless supply of:\n\n ------------[ cut here ]------------\n WARNING: CPU: 164 PID: 62565 at arch/x86/kvm/svm/nested.c:699\n nested_vmcb02_prepare_control+0x3d6/0x3f0 [kvm_amd]\n Call Trace:\n \u003cTASK\u003e\n enter_svm_guest_mode+0x114/0x560 [kvm_amd]\n nested_svm_vmrun+0x260/0x330 [kvm_amd]\n vmrun_interception+0x29/0x30 [kvm_amd]\n svm_invoke_exit_handler+0x35/0x100 [kvm_amd]\n svm_handle_exit+0xe7/0x180 [kvm_amd]\n kvm_arch_vcpu_ioctl_run+0x1eab/0x2570 [kvm]\n kvm_vcpu_ioctl+0x4c9/0x5b0 [kvm]\n __se_sys_ioctl+0x7a/0xc0\n __x64_sys_ioctl+0x21/0x30\n do_syscall_64+0x41/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n RIP: 0033:0x45ca1b\n\nNote, the nested #VMEXIT path has the same flaw, but needs a different\nfix and will be handled separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53663",
"url": "https://www.suse.com/security/cve/CVE-2023-53663"
},
{
"category": "external",
"summary": "SUSE Bug 1251290 for CVE-2023-53663",
"url": "https://bugzilla.suse.com/1251290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53663"
},
{
"cve": "CVE-2023-53665",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53665"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: don\u0027t dereference mddev after export_rdev()\n\nExcept for initial reference, mddev-\u003ekobject is referenced by\nrdev-\u003ekobject, and if the last rdev is freed, there is no guarantee that\nmddev is still valid. Hence mddev should not be used anymore after\nexport_rdev().\n\nThis problem can be triggered by following test for mdadm at very\nlow rate:\n\nNew file: mdadm/tests/23rdev-lifetime\n\ndevname=${dev0##*/}\ndevt=`cat /sys/block/$devname/dev`\npid=\"\"\nruntime=2\n\nclean_up_test() {\n pill -9 $pid\n echo clear \u003e /sys/block/md0/md/array_state\n}\n\ntrap \u0027clean_up_test\u0027 EXIT\n\nadd_by_sysfs() {\n while true; do\n echo $devt \u003e /sys/block/md0/md/new_dev\n done\n}\n\nremove_by_sysfs(){\n while true; do\n echo remove \u003e /sys/block/md0/md/dev-${devname}/state\n done\n}\n\necho md0 \u003e /sys/module/md_mod/parameters/new_array || die \"create md0 failed\"\n\nadd_by_sysfs \u0026\npid=\"$pid $!\"\n\nremove_by_sysfs \u0026\npid=\"$pid $!\"\n\nsleep $runtime\nexit 0\n\nTest cmd:\n\n./test --save-logs --logdir=/tmp/ --keep-going --dev=loop --tests=23rdev-lifetime\n\nTest result:\n\ngeneral protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bcb: 0000 [#4] PREEMPT SMP\nCPU: 0 PID: 1292 Comm: test Tainted: G D W 6.5.0-rc2-00121-g01e55c376936 #562\nRIP: 0010:md_wakeup_thread+0x9e/0x320 [md_mod]\nCall Trace:\n \u003cTASK\u003e\n mddev_unlock+0x1b6/0x310 [md_mod]\n rdev_attr_store+0xec/0x190 [md_mod]\n sysfs_kf_write+0x52/0x70\n kernfs_fop_write_iter+0x19a/0x2a0\n vfs_write+0x3b5/0x770\n ksys_write+0x74/0x150\n __x64_sys_write+0x22/0x30\n do_syscall_64+0x40/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nFix this problem by don\u0027t dereference mddev after export_rdev().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53665",
"url": "https://www.suse.com/security/cve/CVE-2023-53665"
},
{
"category": "external",
"summary": "SUSE Bug 1251270 for CVE-2023-53665",
"url": "https://bugzilla.suse.com/1251270"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53665"
},
{
"cve": "CVE-2023-53666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53666"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: codecs: wcd938x: fix missing mbhc init error handling\n\nMBHC initialisation can fail so add the missing error handling to avoid\ndereferencing an error pointer when later configuring the jack:\n\n Unable to handle kernel paging request at virtual address fffffffffffffff8\n\n pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n\n Call trace:\n wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]\n wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]\n snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]\n qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]\n sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]\n snd_soc_link_init+0x28/0x90 [snd_soc_core]\n snd_soc_bind_card+0x628/0xbfc [snd_soc_core]\n snd_soc_register_card+0xec/0x104 [snd_soc_core]\n devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]\n sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53666",
"url": "https://www.suse.com/security/cve/CVE-2023-53666"
},
{
"category": "external",
"summary": "SUSE Bug 1251760 for CVE-2023-53666",
"url": "https://bugzilla.suse.com/1251760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53666"
},
{
"cve": "CVE-2023-53668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53668"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix deadloop issue on reading trace_pipe\n\nSoft lockup occurs when reading file \u0027trace_pipe\u0027:\n\n watchdog: BUG: soft lockup - CPU#6 stuck for 22s! [cat:4488]\n [...]\n RIP: 0010:ring_buffer_empty_cpu+0xed/0x170\n RSP: 0018:ffff88810dd6fc48 EFLAGS: 00000246\n RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff93d1aaeb\n RDX: ffff88810a280040 RSI: 0000000000000008 RDI: ffff88811164b218\n RBP: ffff88811164b218 R08: 0000000000000000 R09: ffff88815156600f\n R10: ffffed102a2acc01 R11: 0000000000000001 R12: 0000000051651901\n R13: 0000000000000000 R14: ffff888115e49500 R15: 0000000000000000\n [...]\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f8d853c2000 CR3: 000000010dcd8000 CR4: 00000000000006e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n __find_next_entry+0x1a8/0x4b0\n ? peek_next_entry+0x250/0x250\n ? down_write+0xa5/0x120\n ? down_write_killable+0x130/0x130\n trace_find_next_entry_inc+0x3b/0x1d0\n tracing_read_pipe+0x423/0xae0\n ? tracing_splice_read_pipe+0xcb0/0xcb0\n vfs_read+0x16b/0x490\n ksys_read+0x105/0x210\n ? __ia32_sys_pwrite64+0x200/0x200\n ? switch_fpu_return+0x108/0x220\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x61/0xc6\n\nThrough the vmcore, I found it\u0027s because in tracing_read_pipe(),\nring_buffer_empty_cpu() found some buffer is not empty but then it\ncannot read anything due to \"rb_num_of_entries() == 0\" always true,\nThen it infinitely loop the procedure due to user buffer not been\nfilled, see following code path:\n\n tracing_read_pipe() {\n ... ...\n waitagain:\n tracing_wait_pipe() // 1. find non-empty buffer here\n trace_find_next_entry_inc() // 2. loop here try to find an entry\n __find_next_entry()\n ring_buffer_empty_cpu(); // 3. find non-empty buffer\n peek_next_entry() // 4. but peek always return NULL\n ring_buffer_peek()\n rb_buffer_peek()\n rb_get_reader_page()\n // 5. because rb_num_of_entries() == 0 always true here\n // then return NULL\n // 6. user buffer not been filled so goto \u0027waitgain\u0027\n // and eventually leads to an deadloop in kernel!!!\n }\n\nBy some analyzing, I found that when resetting ringbuffer, the \u0027entries\u0027\nof its pages are not all cleared (see rb_reset_cpu()). Then when reducing\nthe ringbuffer, and if some reduced pages exist dirty \u0027entries\u0027 data, they\nwill be added into \u0027cpu_buffer-\u003eoverrun\u0027 (see rb_remove_pages()), which\ncause wrong \u0027overrun\u0027 count and eventually cause the deadloop issue.\n\nTo fix it, we need to clear every pages in rb_reset_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53668",
"url": "https://www.suse.com/security/cve/CVE-2023-53668"
},
{
"category": "external",
"summary": "SUSE Bug 1251286 for CVE-2023-53668",
"url": "https://bugzilla.suse.com/1251286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53668"
},
{
"cve": "CVE-2023-53670",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53670"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-core: fix dev_pm_qos memleak\n\nCall dev_pm_qos_hide_latency_tolerance() in the error unwind patch to\navoid following kmemleak:-\n\nblktests (master) # kmemleak-clear; ./check nvme/044;\nblktests (master) # kmemleak-scan ; kmemleak-show\nnvme/044 (Test bi-directional authentication) [passed]\n runtime 2.111s ... 2.124s\nunreferenced object 0xffff888110c46240 (size 96):\n comm \"nvme\", pid 33461, jiffies 4345365353 (age 75.586s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [\u003c0000000069ac2cec\u003e] kmalloc_trace+0x25/0x90\n [\u003c000000006acc66d5\u003e] dev_pm_qos_update_user_latency_tolerance+0x6f/0x100\n [\u003c00000000cc376ea7\u003e] nvme_init_ctrl+0x38e/0x410 [nvme_core]\n [\u003c000000007df61b4b\u003e] 0xffffffffc05e88b3\n [\u003c00000000d152b985\u003e] 0xffffffffc05744cb\n [\u003c00000000f04a4041\u003e] vfs_write+0xc5/0x3c0\n [\u003c00000000f9491baf\u003e] ksys_write+0x5f/0xe0\n [\u003c000000001c46513d\u003e] do_syscall_64+0x3b/0x90\n [\u003c00000000ecf348fe\u003e] entry_SYSCALL_64_after_hwframe+0x72/0xdc",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53670",
"url": "https://www.suse.com/security/cve/CVE-2023-53670"
},
{
"category": "external",
"summary": "SUSE Bug 1251762 for CVE-2023-53670",
"url": "https://bugzilla.suse.com/1251762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53670"
},
{
"cve": "CVE-2023-53672",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53672"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: output extra debug info if we failed to find an inline backref\n\n[BUG]\nSyzbot reported several warning triggered inside\nlookup_inline_extent_backref().\n\n[CAUSE]\nAs usual, the reproducer doesn\u0027t reliably trigger locally here, but at\nleast we know the WARN_ON() is triggered when an inline backref can not\nbe found, and it can only be triggered when @insert is true. (I.e.\ninserting a new inline backref, which means the backref should already\nexist)\n\n[ENHANCEMENT]\nAfter the WARN_ON(), dump all the parameters and the extent tree\nleaf to help debug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53672",
"url": "https://www.suse.com/security/cve/CVE-2023-53672"
},
{
"category": "external",
"summary": "SUSE Bug 1251780 for CVE-2023-53672",
"url": "https://bugzilla.suse.com/1251780"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53672"
},
{
"cve": "CVE-2023-53673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53673",
"url": "https://www.suse.com/security/cve/CVE-2023-53673"
},
{
"category": "external",
"summary": "SUSE Bug 1251763 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251763"
},
{
"category": "external",
"summary": "SUSE Bug 1251983 for CVE-2023-53673",
"url": "https://bugzilla.suse.com/1251983"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2023-53673"
},
{
"cve": "CVE-2023-53674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53674"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix memory leak in devm_clk_notifier_register()\n\ndevm_clk_notifier_register() allocates a devres resource for clk\nnotifier but didn\u0027t register that to the device, so the notifier didn\u0027t\nget unregistered on device detach and the allocated resource was leaked.\n\nFix the issue by registering the resource through devres_add().\n\nThis issue was found with kmemleak on a Chromebook.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53674",
"url": "https://www.suse.com/security/cve/CVE-2023-53674"
},
{
"category": "external",
"summary": "SUSE Bug 1251764 for CVE-2023-53674",
"url": "https://bugzilla.suse.com/1251764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53674"
},
{
"cve": "CVE-2023-53681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53681"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: Fix __bch_btree_node_alloc to make the failure behavior consistent\n\nIn some specific situations, the return value of __bch_btree_node_alloc\nmay be NULL. This may lead to a potential NULL pointer dereference in\ncaller function like a calling chain :\nbtree_split-\u003ebch_btree_node_alloc-\u003e__bch_btree_node_alloc.\n\nFix it by initializing the return value in __bch_btree_node_alloc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53681",
"url": "https://www.suse.com/security/cve/CVE-2023-53681"
},
{
"category": "external",
"summary": "SUSE Bug 1251769 for CVE-2023-53681",
"url": "https://bugzilla.suse.com/1251769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53681"
},
{
"cve": "CVE-2023-53686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: fix null-ptr-deref in handshake_nl_done_doit()\n\nWe should not call trace_handshake_cmd_done_err() if socket lookup has failed.\n\nAlso we should call trace_handshake_cmd_done_err() before releasing the file,\notherwise dereferencing sock-\u003esk can return garbage.\n\nThis also reverts 7afc6d0a107f (\"net/handshake: Fix uninitialized local variable\")\n\nUnable to handle kernel paging request at virtual address dfff800000000003\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nMem abort info:\nESR = 0x0000000096000005\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x05: level 1 translation fault\nData abort info:\nISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfff800000000003] address between user and kernel address ranges\nInternal error: Oops: 0000000096000005 [#1] PREEMPT SMP\nModules linked in:\nCPU: 1 PID: 5986 Comm: syz-executor292 Not tainted 6.5.0-rc7-syzkaller-gfe4469582053 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : handshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\nlr : handshake_nl_done_doit+0x180/0x9c8\nsp : ffff800096e37180\nx29: ffff800096e37200 x28: 1ffff00012dc6e34 x27: dfff800000000000\nx26: ffff800096e373d0 x25: 0000000000000000 x24: 00000000ffffffa8\nx23: ffff800096e373f0 x22: 1ffff00012dc6e38 x21: 0000000000000000\nx20: ffff800096e371c0 x19: 0000000000000018 x18: 0000000000000000\nx17: 0000000000000000 x16: ffff800080516cc4 x15: 0000000000000001\nx14: 1fffe0001b14aa3b x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000003\nx8 : 0000000000000003 x7 : ffff800080afe47c x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080a88078\nx2 : 0000000000000001 x1 : 00000000ffffffa8 x0 : 0000000000000000\nCall trace:\nhandshake_nl_done_doit+0x198/0x9c8 net/handshake/netlink.c:193\ngenl_family_rcv_msg_doit net/netlink/genetlink.c:970 [inline]\ngenl_family_rcv_msg net/netlink/genetlink.c:1050 [inline]\ngenl_rcv_msg+0x96c/0xc50 net/netlink/genetlink.c:1067\nnetlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2549\ngenl_rcv+0x38/0x50 net/netlink/genetlink.c:1078\nnetlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]\nnetlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365\nnetlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1914\nsock_sendmsg_nosec net/socket.c:725 [inline]\nsock_sendmsg net/socket.c:748 [inline]\n____sys_sendmsg+0x56c/0x840 net/socket.c:2494\n___sys_sendmsg net/socket.c:2548 [inline]\n__sys_sendmsg+0x26c/0x33c net/socket.c:2577\n__do_sys_sendmsg net/socket.c:2586 [inline]\n__se_sys_sendmsg net/socket.c:2584 [inline]\n__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2584\n__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\nel0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678\nel0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\nel0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591\nCode: 12800108 b90043e8 910062b3 d343fe68 (387b6908)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53686",
"url": "https://www.suse.com/security/cve/CVE-2023-53686"
},
{
"category": "external",
"summary": "SUSE Bug 1251771 for CVE-2023-53686",
"url": "https://bugzilla.suse.com/1251771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53686"
},
{
"cve": "CVE-2023-53687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53687"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk\n\nWhen the best clk is searched, we iterate over all possible clk.\n\nIf we find a better match, the previous one, if any, needs to be freed.\nIf a better match has already been found, we still need to free the new\none, otherwise it leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53687",
"url": "https://www.suse.com/security/cve/CVE-2023-53687"
},
{
"category": "external",
"summary": "SUSE Bug 1251772 for CVE-2023-53687",
"url": "https://bugzilla.suse.com/1251772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53687"
},
{
"cve": "CVE-2023-53693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53693"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: Fix the memory leak in raw_gadget driver\n\nCurrently, increasing raw_dev-\u003ecount happens before invoke the\nraw_queue_event(), if the raw_queue_event() return error, invoke\nraw_release() will not trigger the dev_free() to be called.\n\n[ 268.905865][ T5067] raw-gadget.0 gadget.0: failed to queue event\n[ 268.912053][ T5067] udc dummy_udc.0: failed to start USB Raw Gadget: -12\n[ 268.918885][ T5067] raw-gadget.0: probe of gadget.0 failed with error -12\n[ 268.925956][ T5067] UDC core: USB Raw Gadget: couldn\u0027t find an available UDC or it\u0027s busy\n[ 268.934657][ T5067] misc raw-gadget: fail, usb_gadget_register_driver returned -16\n\nBUG: memory leak\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347eb55\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347eb55\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff8347eb55\u003e] dev_new drivers/usb/gadget/legacy/raw_gadget.c:191 [inline]\n[\u003cffffffff8347eb55\u003e] raw_open+0x45/0x110 drivers/usb/gadget/legacy/raw_gadget.c:385\n[\u003cffffffff827d1d09\u003e] misc_open+0x1a9/0x1f0 drivers/char/misc.c:165\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff8347cd2f\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff8347cd2f\u003e] raw_ioctl_init+0xdf/0x410 drivers/usb/gadget/legacy/raw_gadget.c:460\n[\u003cffffffff8347dfe9\u003e] raw_ioctl+0x5f9/0x1120 drivers/usb/gadget/legacy/raw_gadget.c:1250\n[\u003cffffffff81685173\u003e] vfs_ioctl fs/ioctl.c:51 [inline]\n\n[\u003cffffffff8154bf94\u003e] kmalloc_trace+0x24/0x90 mm/slab_common.c:1076\n[\u003cffffffff833ecc6a\u003e] kmalloc include/linux/slab.h:582 [inline]\n[\u003cffffffff833ecc6a\u003e] kzalloc include/linux/slab.h:703 [inline]\n[\u003cffffffff833ecc6a\u003e] dummy_alloc_request+0x5a/0xe0 drivers/usb/gadget/udc/dummy_hcd.c:665\n[\u003cffffffff833e9132\u003e] usb_ep_alloc_request+0x22/0xd0 drivers/usb/gadget/udc/core.c:196\n[\u003cffffffff8347f13d\u003e] gadget_bind+0x6d/0x370 drivers/usb/gadget/legacy/raw_gadget.c:292\n\nThis commit therefore invoke kref_get() under the condition that\nraw_queue_event() return success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53693",
"url": "https://www.suse.com/security/cve/CVE-2023-53693"
},
{
"category": "external",
"summary": "SUSE Bug 1252489 for CVE-2023-53693",
"url": "https://bugzilla.suse.com/1252489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53693"
},
{
"cve": "CVE-2023-53697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()\n\nMemory pointed by \u0027nd_pmu-\u003epmu.attr_groups\u0027 is allocated in function\n\u0027register_nvdimm_pmu\u0027 and is lost after \u0027kfree(nd_pmu)\u0027 call in function\n\u0027unregister_nvdimm_pmu\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53697",
"url": "https://www.suse.com/security/cve/CVE-2023-53697"
},
{
"category": "external",
"summary": "SUSE Bug 1252534 for CVE-2023-53697",
"url": "https://bugzilla.suse.com/1252534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53697"
},
{
"cve": "CVE-2023-53698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: fix refcount underflow in error path\n\nFix a refcount underflow problem reported by syzbot that can happen\nwhen a system is running out of memory. If xp_alloc_tx_descs() fails,\nand it can only fail due to not having enough memory, then the error\npath is triggered. In this error path, the refcount of the pool is\ndecremented as it has incremented before. However, the reference to\nthe pool in the socket was not nulled. This means that when the socket\nis closed later, the socket teardown logic will think that there is a\npool attached to the socket and try to decrease the refcount again,\nleading to a refcount underflow.\n\nI chose this fix as it involved adding just a single line. Another\noption would have been to move xp_get_pool() and the assignment of\nxs-\u003epool to after the if-statement and using xs_umem-\u003epool instead of\nxs-\u003epool in the whole if-statement resulting in somewhat simpler code,\nbut this would have led to much more churn in the code base perhaps\nmaking it harder to backport.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53698",
"url": "https://www.suse.com/security/cve/CVE-2023-53698"
},
{
"category": "external",
"summary": "SUSE Bug 1252479 for CVE-2023-53698",
"url": "https://bugzilla.suse.com/1252479"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53698"
},
{
"cve": "CVE-2023-53699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: move memblock_allow_resize() after linear mapping is ready\n\nThe initial memblock metadata is accessed from kernel image mapping. The\nregions arrays need to \"reallocated\" from memblock and accessed through\nlinear mapping to cover more memblock regions. So the resizing should\nnot be allowed until linear mapping is ready. Note that there are\nmemblock allocations when building linear mapping.\n\nThis patch is similar to 24cc61d8cb5a (\"arm64: memblock: don\u0027t permit\nmemblock resizing until linear mapping is up\").\n\nIn following log, many memblock regions are reserved before\ncreate_linear_mapping_page_table(). And then it triggered reallocation\nof memblock.reserved.regions and memcpy the old array in kernel image\nmapping to the new array in linear mapping which caused a page fault.\n\n[ 0.000000] memblock_reserve: [0x00000000bf01f000-0x00000000bf01ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf021000-0x00000000bf021fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf023000-0x00000000bf023fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf025000-0x00000000bf025fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf027000-0x00000000bf027fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf029000-0x00000000bf029fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02b000-0x00000000bf02bfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02d000-0x00000000bf02dfff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf02f000-0x00000000bf02ffff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] memblock_reserve: [0x00000000bf030000-0x00000000bf030fff] early_init_fdt_scan_reserved_mem+0x28c/0x2c6\n[ 0.000000] OF: reserved mem: 0x0000000080000000..0x000000008007ffff (512 KiB) map non-reusable mmode_resv0@80000000\n[ 0.000000] memblock_reserve: [0x00000000bf000000-0x00000000bf001fed] paging_init+0x19a/0x5ae\n[ 0.000000] memblock_phys_alloc_range: 4096 bytes align=0x1000 from=0x0000000000000000 max_addr=0x0000000000000000 alloc_pmd_fixmap+0x14/0x1c\n[ 0.000000] memblock_reserve: [0x000000017ffff000-0x000000017fffffff] memblock_alloc_range_nid+0xb8/0x128\n[ 0.000000] memblock: reserved is doubled to 256 at [0x000000017fffd000-0x000000017fffe7ff]\n[ 0.000000] Unable to handle kernel paging request at virtual address ff600000ffffd000\n[ 0.000000] Oops [#1]\n[ 0.000000] Modules linked in:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.4.0-rc1-00011-g99a670b2069c #66\n[ 0.000000] Hardware name: riscv-virtio,qemu (DT)\n[ 0.000000] epc : __memcpy+0x60/0xf8\n[ 0.000000] ra : memblock_double_array+0x192/0x248\n[ 0.000000] epc : ffffffff8081d214 ra : ffffffff80a3dfc0 sp : ffffffff81403bd0\n[ 0.000000] gp : ffffffff814fbb38 tp : ffffffff8140dac0 t0 : 0000000001600000\n[ 0.000000] t1 : 0000000000000000 t2 : 000000008f001000 s0 : ffffffff81403c60\n[ 0.000000] s1 : ffffffff80c0bc98 a0 : ff600000ffffd000 a1 : ffffffff80c0bcd8\n[ 0.000000] a2 : 0000000000000c00 a3 : ffffffff80c0c8d8 a4 : 0000000080000000\n[ 0.000000] a5 : 0000000000080000 a6 : 0000000000000000 a7 : 0000000080200000\n[ 0.000000] s2 : ff600000ffffd000 s3 : 0000000000002000 s4 : 0000000000000c00\n[ 0.000000] s5 : ffffffff80c0bc60 s6 : ffffffff80c0bcc8 s7 : 0000000000000000\n[ 0.000000] s8 : ffffffff814fd0a8 s9 : 000000017fffe7ff s10: 0000000000000000\n[ 0.000000] s11: 0000000000001000 t3 : 0000000000001000 t4 : 0000000000000000\n[ 0.000000] t5 : 000000008f003000 t6 : ff600000ffffd000\n[ 0.000000] status: 0000000200000100 badaddr: ff600000ffffd000 cause: 000000000000000f\n[ 0.000000] [\u003cfff\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53699",
"url": "https://www.suse.com/security/cve/CVE-2023-53699"
},
{
"category": "external",
"summary": "SUSE Bug 1252550 for CVE-2023-53699",
"url": "https://bugzilla.suse.com/1252550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53699"
},
{
"cve": "CVE-2023-53703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53703"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: amd_sfh: Fix for shift-out-of-bounds\n\nShift operation of \u0027exp\u0027 and \u0027shift\u0027 variables exceeds the maximum number\nof shift values in the u32 range leading to UBSAN shift-out-of-bounds.\n\n...\n[ 6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50\n[ 6.120598] shift exponent 104 is too large for 64-bit type \u0027long unsigned int\u0027\n[ 6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10\n[ 6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023\n[ 6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]\n[ 6.120687] Call Trace:\n[ 6.120690] \u003cTASK\u003e\n[ 6.120694] dump_stack_lvl+0x48/0x70\n[ 6.120704] dump_stack+0x10/0x20\n[ 6.120707] ubsan_epilogue+0x9/0x40\n[ 6.120716] __ubsan_handle_shift_out_of_bounds+0x10f/0x170\n[ 6.120720] ? psi_group_change+0x25f/0x4b0\n[ 6.120729] float_to_int.cold+0x18/0xba [amd_sfh]\n[ 6.120739] get_input_rep+0x57/0x340 [amd_sfh]\n[ 6.120748] ? __schedule+0xba7/0x1b60\n[ 6.120756] ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]\n[ 6.120764] amd_sfh_work_buffer+0x91/0x180 [amd_sfh]\n[ 6.120772] process_one_work+0x229/0x430\n[ 6.120780] worker_thread+0x4a/0x3c0\n[ 6.120784] ? __pfx_worker_thread+0x10/0x10\n[ 6.120788] kthread+0xf7/0x130\n[ 6.120792] ? __pfx_kthread+0x10/0x10\n[ 6.120795] ret_from_fork+0x29/0x50\n[ 6.120804] \u003c/TASK\u003e\n...\n\nFix this by adding the condition to validate shift ranges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53703",
"url": "https://www.suse.com/security/cve/CVE-2023-53703"
},
{
"category": "external",
"summary": "SUSE Bug 1252553 for CVE-2023-53703",
"url": "https://bugzilla.suse.com/1252553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53703"
},
{
"cve": "CVE-2023-53704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53704"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()\n\nReplace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc()\nwhich can automatically release the related memory when the device\nor driver is removed or unloaded to avoid potential memory leak.\n\nIn this case, iounmap(anatop_base) in line 427,433 are removed\nas manual release is not required.\n\nBesides, referring to clk-imx8mq.c, check the return code of\nof_clk_add_hw_provider, if it returns negtive, print error info\nand unregister hws, which makes the program more robust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53704",
"url": "https://www.suse.com/security/cve/CVE-2023-53704"
},
{
"category": "external",
"summary": "SUSE Bug 1252490 for CVE-2023-53704",
"url": "https://bugzilla.suse.com/1252490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53704"
},
{
"cve": "CVE-2023-53707",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53707"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix integer overflow in amdgpu_cs_pass1\n\nThe type of size is unsigned int, if size is 0x40000000, there will\nbe an integer overflow, size will be zero after size *= sizeof(uint32_t),\nwill cause uninitialized memory to be referenced later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53707",
"url": "https://www.suse.com/security/cve/CVE-2023-53707"
},
{
"category": "external",
"summary": "SUSE Bug 1252632 for CVE-2023-53707",
"url": "https://bugzilla.suse.com/1252632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53707"
},
{
"cve": "CVE-2023-53708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53708"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects\n\nIf a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE`\nobjects while evaluating the AMD LPS0 _DSM, there will be a memory\nleak. Explicitly guard against this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53708",
"url": "https://www.suse.com/security/cve/CVE-2023-53708"
},
{
"category": "external",
"summary": "SUSE Bug 1252537 for CVE-2023-53708",
"url": "https://bugzilla.suse.com/1252537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53708"
},
{
"cve": "CVE-2023-53711",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53711"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a potential data corruption\n\nWe must ensure that the subrequests are joined back into the head before\nwe can retransmit a request. If the head was not on the commit lists,\nbecause the server wrote it synchronously, we still need to add it back\nto the retransmission list.\nAdd a call that mirrors the effect of nfs_cancel_remove_inode() for\nO_DIRECT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53711",
"url": "https://www.suse.com/security/cve/CVE-2023-53711"
},
{
"category": "external",
"summary": "SUSE Bug 1252536 for CVE-2023-53711",
"url": "https://bugzilla.suse.com/1252536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53711"
},
{
"cve": "CVE-2023-53713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53713"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: sme: Use STR P to clear FFR context field in streaming SVE mode\n\nThe FFR is a predicate register which can vary between 16 and 256 bits\nin size depending upon the configured vector length. When saving the\nSVE state in streaming SVE mode, the FFR register is inaccessible and\nso commit 9f5848665788 (\"arm64/sve: Make access to FFR optional\") simply\nclears the FFR field of the in-memory context structure. Unfortunately,\nit achieves this using an unconditional 8-byte store and so if the SME\nvector length is anything other than 64 bytes in size we will either\nfail to clear the entire field or, worse, we will corrupt memory\nimmediately following the structure. This has led to intermittent kfence\nsplats in CI [1] and can trigger kmalloc Redzone corruption messages\nwhen running the \u0027fp-stress\u0027 kselftest:\n\n | =============================================================================\n | BUG kmalloc-1k (Not tainted): kmalloc Redzone overwritten\n | -----------------------------------------------------------------------------\n |\n | 0xffff000809bf1e22-0xffff000809bf1e27 @offset=7714. First byte 0x0 instead of 0xcc\n | Allocated in do_sme_acc+0x9c/0x220 age=2613 cpu=1 pid=531\n | __kmalloc+0x8c/0xcc\n | do_sme_acc+0x9c/0x220\n | ...\n\nReplace the 8-byte store with a store of a predicate register which has\nbeen zero-initialised with PFALSE, ensuring that the entire field is\ncleared in memory.\n\n[1] https://lore.kernel.org/r/CA+G9fYtU7HsV0R0dp4XEH5xXHSJFw8KyDf5VQrLLfMxWfxQkag@mail.gmail.com",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53713",
"url": "https://www.suse.com/security/cve/CVE-2023-53713"
},
{
"category": "external",
"summary": "SUSE Bug 1252559 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1252559"
},
{
"category": "external",
"summary": "SUSE Bug 1253760 for CVE-2023-53713",
"url": "https://bugzilla.suse.com/1253760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2023-53713"
},
{
"cve": "CVE-2023-53718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not swap cpu_buffer during resize process\n\nWhen ring_buffer_swap_cpu was called during resize process,\nthe cpu buffer was swapped in the middle, resulting in incorrect state.\nContinuing to run in the wrong state will result in oops.\n\nThis issue can be easily reproduced using the following two scripts:\n/tmp # cat test1.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo 2000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\n echo 5000 \u003e /sys/kernel/debug/tracing/buffer_size_kb\n sleep 0.5\ndone\n/tmp # cat test2.sh\n//#! /bin/sh\nfor i in `seq 0 100000`\ndo\n echo irqsoff \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\n echo nop \u003e /sys/kernel/debug/tracing/current_tracer\n sleep 1\ndone\n/tmp # ./test1.sh \u0026\n/tmp # ./test2.sh \u0026\n\nA typical oops log is as follows, sometimes with other different oops logs.\n\n[ 231.711293] WARNING: CPU: 0 PID: 9 at kernel/trace/ring_buffer.c:2026 rb_update_pages+0x378/0x3f8\n[ 231.713375] Modules linked in:\n[ 231.714735] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 231.716750] Hardware name: linux,dummy-virt (DT)\n[ 231.718152] Workqueue: events update_pages_handler\n[ 231.719714] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 231.721171] pc : rb_update_pages+0x378/0x3f8\n[ 231.722212] lr : rb_update_pages+0x25c/0x3f8\n[ 231.723248] sp : ffff800082b9bd50\n[ 231.724169] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 0000000000000000\n[ 231.726102] x26: 0000000000000001 x25: fffffffffffff010 x24: 0000000000000ff0\n[ 231.728122] x23: ffff0000c3a0b600 x22: ffff0000c3a0b5c0 x21: fffffffffffffe0a\n[ 231.730203] x20: ffff0000c3a0b600 x19: ffff0000c0102400 x18: 0000000000000000\n[ 231.732329] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffe7aa8510\n[ 231.734212] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000002\n[ 231.736291] x11: ffff8000826998a8 x10: ffff800082b9baf0 x9 : ffff800081137558\n[ 231.738195] x8 : fffffc00030e82c8 x7 : 0000000000000000 x6 : 0000000000000001\n[ 231.740192] x5 : ffff0000ffbafe00 x4 : 0000000000000000 x3 : 0000000000000000\n[ 231.742118] x2 : 00000000000006aa x1 : 0000000000000001 x0 : ffff0000c0007208\n[ 231.744196] Call trace:\n[ 231.744892] rb_update_pages+0x378/0x3f8\n[ 231.745893] update_pages_handler+0x1c/0x38\n[ 231.746893] process_one_work+0x1f0/0x468\n[ 231.747852] worker_thread+0x54/0x410\n[ 231.748737] kthread+0x124/0x138\n[ 231.749549] ret_from_fork+0x10/0x20\n[ 231.750434] ---[ end trace 0000000000000000 ]---\n[ 233.720486] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 233.721696] Mem abort info:\n[ 233.721935] ESR = 0x0000000096000004\n[ 233.722283] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 233.722596] SET = 0, FnV = 0\n[ 233.722805] EA = 0, S1PTW = 0\n[ 233.723026] FSC = 0x04: level 0 translation fault\n[ 233.723458] Data abort info:\n[ 233.723734] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 233.724176] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 233.724589] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 233.725075] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000104943000\n[ 233.725592] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[ 233.726231] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 233.726720] Modules linked in:\n[ 233.727007] CPU: 0 PID: 9 Comm: kworker/0:1 Tainted: G W 6.5.0-rc1-00276-g20edcec23f92 #15\n[ 233.727777] Hardware name: linux,dummy-virt (DT)\n[ 233.728225] Workqueue: events update_pages_handler\n[ 233.728655] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 233.729054] pc : rb_update_pages+0x1a8/0x3f8\n[ 233.729334] lr : rb_update_pages+0x154/0x3f8\n[ 233.729592] sp : ffff800082b9bd50\n[ 233.729792] x29: ffff800082b9bd50 x28: ffff8000825f7000 x27: 00000000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53718",
"url": "https://www.suse.com/security/cve/CVE-2023-53718"
},
{
"category": "external",
"summary": "SUSE Bug 1252564 for CVE-2023-53718",
"url": "https://bugzilla.suse.com/1252564"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53718"
},
{
"cve": "CVE-2023-53721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53721"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()\n\nIn ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly\nused in memcpy(), which may lead to a NULL pointer dereference on\nfailure of kzalloc().\n\nFix this bug by adding a check of arg.extraie.ptr.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53721",
"url": "https://www.suse.com/security/cve/CVE-2023-53721"
},
{
"category": "external",
"summary": "SUSE Bug 1252561 for CVE-2023-53721",
"url": "https://bugzilla.suse.com/1252561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53721"
},
{
"cve": "CVE-2023-53722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: raid1: fix potential OOB in raid1_remove_disk()\n\nIf rddev-\u003eraid_disk is greater than mddev-\u003eraid_disks, there will be\nan out-of-bounds in raid1_remove_disk(). We have already found\nsimilar reports as follows:\n\n1) commit d17f744e883b (\"md-raid10: fix KASAN warning\")\n2) commit 1ebc2cec0b7d (\"dm raid: fix KASAN warning in raid5_remove_disk\")\n\nFix this bug by checking whether the \"number\" variable is\nvalid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53722",
"url": "https://www.suse.com/security/cve/CVE-2023-53722"
},
{
"category": "external",
"summary": "SUSE Bug 1252499 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252499"
},
{
"category": "external",
"summary": "SUSE Bug 1252500 for CVE-2023-53722",
"url": "https://bugzilla.suse.com/1252500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2023-53722"
},
{
"cve": "CVE-2023-53725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe\n\nSmatch reports:\ndrivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe()\nwarn: \u0027timer_baseaddr\u0027 from of_iomap() not released on lines: 498,508,516.\n\ntimer_baseaddr may have the problem of not being released after use,\nI replaced it with the devm_of_iomap() function and added the clk_put()\nfunction to cleanup the \"clk_ce\" and \"clk_cs\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53725",
"url": "https://www.suse.com/security/cve/CVE-2023-53725"
},
{
"category": "external",
"summary": "SUSE Bug 1252492 for CVE-2023-53725",
"url": "https://bugzilla.suse.com/1252492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53725"
},
{
"cve": "CVE-2023-53726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: csum: Fix OoB access in IP checksum code for negative lengths\n\nAlthough commit c2c24edb1d9c (\"arm64: csum: Fix pathological zero-length\ncalls\") added an early return for zero-length input, syzkaller has\npopped up with an example of a _negative_ length which causes an\nundefined shift and an out-of-bounds read:\n\n | BUG: KASAN: slab-out-of-bounds in do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | Read of size 4294966928 at addr ffff0000d7ac0170 by task syz-executor412/5975\n |\n | CPU: 0 PID: 5975 Comm: syz-executor412 Not tainted 6.4.0-rc4-syzkaller-g908f31f2a05b #0\n | Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023\n | Call trace:\n | dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233\n | show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240\n | __dump_stack lib/dump_stack.c:88 [inline]\n | dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106\n | print_address_description mm/kasan/report.c:351 [inline]\n | print_report+0x174/0x514 mm/kasan/report.c:462\n | kasan_report+0xd4/0x130 mm/kasan/report.c:572\n | kasan_check_range+0x264/0x2a4 mm/kasan/generic.c:187\n | __kasan_check_read+0x20/0x30 mm/kasan/shadow.c:31\n | do_csum+0x44/0x254 arch/arm64/lib/csum.c:39\n | csum_partial+0x30/0x58 lib/checksum.c:128\n | gso_make_checksum include/linux/skbuff.h:4928 [inline]\n | __udp_gso_segment+0xaf4/0x1bc4 net/ipv4/udp_offload.c:332\n | udp6_ufo_fragment+0x540/0xca0 net/ipv6/udp_offload.c:47\n | ipv6_gso_segment+0x5cc/0x1760 net/ipv6/ip6_offload.c:119\n | skb_mac_gso_segment+0x2b4/0x5b0 net/core/gro.c:141\n | __skb_gso_segment+0x250/0x3d0 net/core/dev.c:3401\n | skb_gso_segment include/linux/netdevice.h:4859 [inline]\n | validate_xmit_skb+0x364/0xdbc net/core/dev.c:3659\n | validate_xmit_skb_list+0x94/0x130 net/core/dev.c:3709\n | sch_direct_xmit+0xe8/0x548 net/sched/sch_generic.c:327\n | __dev_xmit_skb net/core/dev.c:3805 [inline]\n | __dev_queue_xmit+0x147c/0x3318 net/core/dev.c:4210\n | dev_queue_xmit include/linux/netdevice.h:3085 [inline]\n | packet_xmit+0x6c/0x318 net/packet/af_packet.c:276\n | packet_snd net/packet/af_packet.c:3081 [inline]\n | packet_sendmsg+0x376c/0x4c98 net/packet/af_packet.c:3113\n | sock_sendmsg_nosec net/socket.c:724 [inline]\n | sock_sendmsg net/socket.c:747 [inline]\n | __sys_sendto+0x3b4/0x538 net/socket.c:2144\n\nExtend the early return to reject negative lengths as well, aligning our\nimplementation with the generic code in lib/checksum.c",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53726",
"url": "https://www.suse.com/security/cve/CVE-2023-53726"
},
{
"category": "external",
"summary": "SUSE Bug 1252565 for CVE-2023-53726",
"url": "https://bugzilla.suse.com/1252565"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53726"
},
{
"cve": "CVE-2023-53727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: avoid stalls in fq_pie_timer()\n\nWhen setting a high number of flows (limit being 65536),\nfq_pie_timer() is currently using too much time as syzbot reported.\n\nAdd logic to yield the cpu every 2048 flows (less than 150 usec\non debug kernels).\nIt should also help by not blocking qdisc fast paths for too long.\nWorst case (65536 flows) would need 31 jiffies for a complete scan.\n\nRelevant extract from syzbot report:\n\nrcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2663 jiffies s: 873 root: 0x1/.\nrcu: blocking rcu_node structures (internal RCU debug):\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 5177 Comm: syz-executor273 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:write_comp_data+0x21/0x90 kernel/kcov.c:236\nCode: 2e 0f 1f 84 00 00 00 00 00 65 8b 05 01 b2 7d 7e 49 89 f1 89 c6 49 89 d2 81 e6 00 01 00 00 49 89 f8 65 48 8b 14 25 80 b9 03 00 \u003ca9\u003e 00 01 ff 00 74 0e 85 f6 74 59 8b 82 04 16 00 00 85 c0 74 4f 8b\nRSP: 0018:ffffc90000007bb8 EFLAGS: 00000206\nRAX: 0000000000000101 RBX: ffffc9000dc0d140 RCX: ffffffff885893b0\nRDX: ffff88807c075940 RSI: 0000000000000100 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: ffffc9000dc0d178\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 0000555555d54380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f6b442f6130 CR3: 000000006fe1c000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cIRQ\u003e\n pie_calculate_probability+0x480/0x850 net/sched/sch_pie.c:415\n fq_pie_timer+0x1da/0x4f0 net/sched/sch_fq_pie.c:387\n call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53727",
"url": "https://www.suse.com/security/cve/CVE-2023-53727"
},
{
"category": "external",
"summary": "SUSE Bug 1252566 for CVE-2023-53727",
"url": "https://bugzilla.suse.com/1252566"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53727"
},
{
"cve": "CVE-2023-53728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-timers: Ensure timer ID search-loop limit is valid\n\nposix_timer_add() tries to allocate a posix timer ID by starting from the\ncached ID which was stored by the last successful allocation.\n\nThis is done in a loop searching the ID space for a free slot one by\none. The loop has to terminate when the search wrapped around to the\nstarting point.\n\nBut that\u0027s racy vs. establishing the starting point. That is read out\nlockless, which leads to the following problem:\n\nCPU0\t \t \t \t CPU1\nposix_timer_add()\n start = sig-\u003eposix_timer_id;\n lock(hash_lock);\n ...\t\t\t\t posix_timer_add()\n if (++sig-\u003eposix_timer_id \u003c 0)\n \t\t\t start = sig-\u003eposix_timer_id;\n sig-\u003eposix_timer_id = 0;\n\nSo CPU1 can observe a negative start value, i.e. -1, and the loop break\nnever happens because the condition can never be true:\n\n if (sig-\u003eposix_timer_id == start)\n break;\n\nWhile this is unlikely to ever turn into an endless loop as the ID space is\nhuge (INT_MAX), the racy read of the start value caught the attention of\nKCSAN and Dmitry unearthed that incorrectness.\n\nRewrite it so that all id operations are under the hash lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53728",
"url": "https://www.suse.com/security/cve/CVE-2023-53728"
},
{
"category": "external",
"summary": "SUSE Bug 1252668 for CVE-2023-53728",
"url": "https://bugzilla.suse.com/1252668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53728"
},
{
"cve": "CVE-2023-53729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: qcom: qmi_encdec: Restrict string length in decode\n\nThe QMI TLV value for strings in a lot of qmi element info structures\naccount for null terminated strings with MAX_LEN + 1. If a string is\nactually MAX_LEN + 1 length, this will cause an out of bounds access\nwhen the NULL character is appended in decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53729",
"url": "https://www.suse.com/security/cve/CVE-2023-53729"
},
{
"category": "external",
"summary": "SUSE Bug 1252496 for CVE-2023-53729",
"url": "https://bugzilla.suse.com/1252496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53729"
},
{
"cve": "CVE-2023-53730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost\n\nadjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled\nwhen unlock. DEADLOCK might happen if we have held other locks and disabled\nIRQ before invoking it.\n\nFix it by using spin_lock_irqsave() instead, which can keep IRQ state\nconsistent with before when unlock.\n\n ================================\n WARNING: inconsistent lock state\n 5.10.0-02758-g8e5f91fd772f #26 Not tainted\n --------------------------------\n inconsistent {IN-HARDIRQ-W} -\u003e {HARDIRQ-ON-W} usage.\n kworker/2:3/388 [HC0[0]:SC0[0]:HE0:SE1] takes:\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n {IN-HARDIRQ-W} state was registered at:\n __lock_acquire+0x3d7/0x1070\n lock_acquire+0x197/0x4a0\n __raw_spin_lock_irqsave\n _raw_spin_lock_irqsave+0x3b/0x60\n bfq_idle_slice_timer_body\n bfq_idle_slice_timer+0x53/0x1d0\n __run_hrtimer+0x477/0xa70\n __hrtimer_run_queues+0x1c6/0x2d0\n hrtimer_interrupt+0x302/0x9e0\n local_apic_timer_interrupt\n __sysvec_apic_timer_interrupt+0xfd/0x420\n run_sysvec_on_irqstack_cond\n sysvec_apic_timer_interrupt+0x46/0xa0\n asm_sysvec_apic_timer_interrupt+0x12/0x20\n irq event stamp: 837522\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] __raw_spin_unlock_irqrestore\n hardirqs last enabled at (837521): [\u003cffffffff84b9419d\u003e] _raw_spin_unlock_irqrestore+0x3d/0x40\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] __raw_spin_lock_irq\n hardirqs last disabled at (837522): [\u003cffffffff84b93fa3\u003e] _raw_spin_lock_irq+0x43/0x50\n softirqs last enabled at (835852): [\u003cffffffff84e00558\u003e] __do_softirq+0x558/0x8ec\n softirqs last disabled at (835845): [\u003cffffffff84c010ff\u003e] asm_call_irq_on_stack+0xf/0x20\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026bfqd-\u003elock);\n \u003cInterrupt\u003e\n lock(\u0026bfqd-\u003elock);\n\n *** DEADLOCK ***\n\n 3 locks held by kworker/2:3/388:\n #0: ffff888107af0f38 ((wq_completion)kthrotld){+.+.}-{0:0}, at: process_one_work+0x742/0x13f0\n #1: ffff8881176bfdd8 ((work_completion)(\u0026td-\u003edispatch_work)){+.+.}-{0:0}, at: process_one_work+0x777/0x13f0\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: spin_lock_irq\n #2: ffff888118c00c28 (\u0026bfqd-\u003elock){?.-.}-{2:2}, at: bfq_bio_merge+0x141/0x390\n\n stack backtrace:\n CPU: 2 PID: 388 Comm: kworker/2:3 Not tainted 5.10.0-02758-g8e5f91fd772f #26\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n Workqueue: kthrotld blk_throtl_dispatch_work_fn\n Call Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x107/0x167\n print_usage_bug\n valid_state\n mark_lock_irq.cold+0x32/0x3a\n mark_lock+0x693/0xbc0\n mark_held_locks+0x9e/0xe0\n __trace_hardirqs_on_caller\n lockdep_hardirqs_on_prepare.part.0+0x151/0x360\n trace_hardirqs_on+0x5b/0x180\n __raw_spin_unlock_irq\n _raw_spin_unlock_irq+0x24/0x40\n spin_unlock_irq\n adjust_inuse_and_calc_cost+0x4fb/0x970\n ioc_rqos_merge+0x277/0x740\n __rq_qos_merge+0x62/0xb0\n rq_qos_merge\n bio_attempt_back_merge+0x12c/0x4a0\n blk_mq_sched_try_merge+0x1b6/0x4d0\n bfq_bio_merge+0x24a/0x390\n __blk_mq_sched_bio_merge+0xa6/0x460\n blk_mq_sched_bio_merge\n blk_mq_submit_bio+0x2e7/0x1ee0\n __submit_bio_noacct_mq+0x175/0x3b0\n submit_bio_noacct+0x1fb/0x270\n blk_throtl_dispatch_work_fn+0x1ef/0x2b0\n process_one_work+0x83e/0x13f0\n process_scheduled_works\n worker_thread+0x7e3/0xd80\n kthread+0x353/0x470\n ret_from_fork+0x1f/0x30",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53730",
"url": "https://www.suse.com/security/cve/CVE-2023-53730"
},
{
"category": "external",
"summary": "SUSE Bug 1252495 for CVE-2023-53730",
"url": "https://bugzilla.suse.com/1252495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53730"
},
{
"cve": "CVE-2023-53731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nl_table_lock);\n local_irq_disable();\n lock(\u0026local-\u003equeue_stop_reason_lock);\n lock(nl_table_lock);\n \u003cInterrupt\u003e\n lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53731",
"url": "https://www.suse.com/security/cve/CVE-2023-53731"
},
{
"category": "external",
"summary": "SUSE Bug 1252481 for CVE-2023-53731",
"url": "https://bugzilla.suse.com/1252481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2023-53731"
},
{
"cve": "CVE-2023-53733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: cls_u32: Undo tcf_bind_filter if u32_replace_hw_knode\n\nWhen u32_replace_hw_knode fails, we need to undo the tcf_bind_filter\noperation done at u32_set_parms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53733",
"url": "https://www.suse.com/security/cve/CVE-2023-53733"
},
{
"category": "external",
"summary": "SUSE Bug 1252685 for CVE-2023-53733",
"url": "https://bugzilla.suse.com/1252685"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2023-53733"
},
{
"cve": "CVE-2025-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38008"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/page_alloc: fix race condition in unaccepted memory handling\n\nThe page allocator tracks the number of zones that have unaccepted memory\nusing static_branch_enc/dec() and uses that static branch in hot paths to\ndetermine if it needs to deal with unaccepted memory.\n\nBorislav and Thomas pointed out that the tracking is racy: operations on\nstatic_branch are not serialized against adding/removing unaccepted pages\nto/from the zone.\n\nSanity checks inside static_branch machinery detects it:\n\nWARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0\n\nThe comment around the WARN() explains the problem:\n\n\t/*\n\t * Warn about the \u0027-1\u0027 case though; since that means a\n\t * decrement is concurrent with a first (0-\u003e1) increment. IOW\n\t * people are trying to disable something that wasn\u0027t yet fully\n\t * enabled. This suggests an ordering problem on the user side.\n\t */\n\nThe effect of this static_branch optimization is only visible on\nmicrobenchmark.\n\nInstead of adding more complexity around it, remove it altogether.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38008",
"url": "https://www.suse.com/security/cve/CVE-2025-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1244939 for CVE-2025-38008",
"url": "https://bugzilla.suse.com/1244939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-38008"
},
{
"cve": "CVE-2025-38539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38539"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add down_write(trace_event_sem) when adding trace event\n\nWhen a module is loaded, it adds trace events defined by the module. It\nmay also need to modify the modules trace printk formats to replace enum\nnames with their values.\n\nIf two modules are loaded at the same time, the adding of the event to the\nftrace_events list can corrupt the walking of the list in the code that is\nmodifying the printk format strings and crash the kernel.\n\nThe addition of the event should take the trace_event_sem for write while\nit adds the new event.\n\nAlso add a lockdep_assert_held() on that semaphore in\n__trace_add_event_dirs() as it iterates the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38539",
"url": "https://www.suse.com/security/cve/CVE-2025-38539"
},
{
"category": "external",
"summary": "SUSE Bug 1248211 for CVE-2025-38539",
"url": "https://bugzilla.suse.com/1248211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-38539"
},
{
"cve": "CVE-2025-38552",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38552"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: plug races between subflow fail and subflow creation\n\nWe have races similar to the one addressed by the previous patch between\nsubflow failing and additional subflow creation. They are just harder to\ntrigger.\n\nThe solution is similar. Use a separate flag to track the condition\n\u0027socket state prevent any additional subflow creation\u0027 protected by the\nfallback lock.\n\nThe socket fallback makes such flag true, and also receiving or sending\nan MP_FAIL option.\n\nThe field \u0027allow_infinite_fallback\u0027 is now always touched under the\nrelevant lock, we can drop the ONCE annotation on write.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38552",
"url": "https://www.suse.com/security/cve/CVE-2025-38552"
},
{
"category": "external",
"summary": "SUSE Bug 1248230 for CVE-2025-38552",
"url": "https://bugzilla.suse.com/1248230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-38552"
},
{
"cve": "CVE-2025-38653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38653"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nproc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al\n\nCheck pde-\u003eproc_ops-\u003eproc_lseek directly may cause UAF in rmmod scenario. \nIt\u0027s a gap in proc_reg_open() after commit 654b33ada4ab(\"proc: fix UAF in\nproc_get_inode()\"). Followed by AI Viro\u0027s suggestion, fix it in same\nmanner.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38653",
"url": "https://www.suse.com/security/cve/CVE-2025-38653"
},
{
"category": "external",
"summary": "SUSE Bug 1248630 for CVE-2025-38653",
"url": "https://bugzilla.suse.com/1248630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-38653"
},
{
"cve": "CVE-2025-38699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad-\u003eim is freed without setting bfad-\u003eim to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad-\u003eim again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad-\u003eim to NULL if probing fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38699",
"url": "https://www.suse.com/security/cve/CVE-2025-38699"
},
{
"category": "external",
"summary": "SUSE Bug 1249224 for CVE-2025-38699",
"url": "https://bugzilla.suse.com/1249224"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-38699"
},
{
"cve": "CVE-2025-38700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38700"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: libiscsi: Initialize iscsi_conn-\u003edd_data only if memory is allocated\n\nIn case of an ib_fast_reg_mr allocation failure during iSER setup, the\nmachine hits a panic because iscsi_conn-\u003edd_data is initialized\nunconditionally, even when no memory is allocated (dd_size == 0). This\nleads invalid pointer dereference during connection teardown.\n\nFix by setting iscsi_conn-\u003edd_data only if memory is actually allocated.\n\nPanic trace:\n------------\n iser: iser_create_fastreg_desc: Failed to allocate ib_fast_reg_mr err=-12\n iser: iser_alloc_rx_descriptors: failed allocating rx descriptors / data buffers\n BUG: unable to handle page fault for address: fffffffffffffff8\n RIP: 0010:swake_up_locked.part.5+0xa/0x40\n Call Trace:\n complete+0x31/0x40\n iscsi_iser_conn_stop+0x88/0xb0 [ib_iser]\n iscsi_stop_conn+0x66/0xc0 [scsi_transport_iscsi]\n iscsi_if_stop_conn+0x14a/0x150 [scsi_transport_iscsi]\n iscsi_if_rx+0x1135/0x1834 [scsi_transport_iscsi]\n ? netlink_lookup+0x12f/0x1b0\n ? netlink_deliver_tap+0x2c/0x200\n netlink_unicast+0x1ab/0x280\n netlink_sendmsg+0x257/0x4f0\n ? _copy_from_user+0x29/0x60\n sock_sendmsg+0x5f/0x70",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38700",
"url": "https://www.suse.com/security/cve/CVE-2025-38700"
},
{
"category": "external",
"summary": "SUSE Bug 1249182 for CVE-2025-38700",
"url": "https://bugzilla.suse.com/1249182"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-38700"
},
{
"cve": "CVE-2025-38718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38718"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38718",
"url": "https://www.suse.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "SUSE Bug 1249161 for CVE-2025-38718",
"url": "https://bugzilla.suse.com/1249161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-38718"
},
{
"cve": "CVE-2025-39673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39673"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nppp: fix race conditions in ppp_fill_forward_path\n\nppp_fill_forward_path() has two race conditions:\n\n1. The ppp-\u003echannels list can change between list_empty() and\n list_first_entry(), as ppp_lock() is not held. If the only channel\n is deleted in ppp_disconnect_channel(), list_first_entry() may\n access an empty head or a freed entry, and trigger a panic.\n\n2. pch-\u003echan can be NULL. When ppp_unregister_channel() is called,\n pch-\u003echan is set to NULL before pch is removed from ppp-\u003echannels.\n\nFix these by using a lockless RCU approach:\n- Use list_first_or_null_rcu() to safely test and access the first list\n entry.\n- Convert list modifications on ppp-\u003echannels to their RCU variants and\n add synchronize_net() after removal.\n- Check for a NULL pch-\u003echan before dereferencing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39673",
"url": "https://www.suse.com/security/cve/CVE-2025-39673"
},
{
"category": "external",
"summary": "SUSE Bug 1249320 for CVE-2025-39673",
"url": "https://bugzilla.suse.com/1249320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39673"
},
{
"cve": "CVE-2025-39676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39676"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla4xxx: Prevent a potential error pointer dereference\n\nThe qla4xxx_get_ep_fwdb() function is supposed to return NULL on error,\nbut qla4xxx_ep_connect() returns error pointers. Propagating the error\npointers will lead to an Oops in the caller, so change the error pointers\nto NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39676",
"url": "https://www.suse.com/security/cve/CVE-2025-39676"
},
{
"category": "external",
"summary": "SUSE Bug 1249302 for CVE-2025-39676",
"url": "https://bugzilla.suse.com/1249302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39676"
},
{
"cve": "CVE-2025-39683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39683"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Limit access to parser-\u003ebuffer when trace_get_user failed\n\nWhen the length of the string written to set_ftrace_filter exceeds\nFTRACE_BUFF_MAX, the following KASAN alarm will be triggered:\n\nBUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0\nRead of size 1 at addr ffff0000d00bd5ba by task ash/165\n\nCPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty\nHardware name: linux,dummy-virt (DT)\nCall trace:\n show_stack+0x34/0x50 (C)\n dump_stack_lvl+0xa0/0x158\n print_address_description.constprop.0+0x88/0x398\n print_report+0xb0/0x280\n kasan_report+0xa4/0xf0\n __asan_report_load1_noabort+0x20/0x30\n strsep+0x18c/0x1b0\n ftrace_process_regex.isra.0+0x100/0x2d8\n ftrace_regex_release+0x484/0x618\n __fput+0x364/0xa58\n ____fput+0x28/0x40\n task_work_run+0x154/0x278\n do_notify_resume+0x1f0/0x220\n el0_svc+0xec/0xf0\n el0t_64_sync_handler+0xa0/0xe8\n el0t_64_sync+0x1ac/0x1b0\n\nThe reason is that trace_get_user will fail when processing a string\nlonger than FTRACE_BUFF_MAX, but not set the end of parser-\u003ebuffer to 0.\nThen an OOB access will be triggered in ftrace_regex_release-\u003e\nftrace_process_regex-\u003estrsep-\u003estrpbrk. We can solve this problem by\nlimiting access to parser-\u003ebuffer when trace_get_user failed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39683",
"url": "https://www.suse.com/security/cve/CVE-2025-39683"
},
{
"category": "external",
"summary": "SUSE Bug 1249286 for CVE-2025-39683",
"url": "https://bugzilla.suse.com/1249286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39683"
},
{
"cve": "CVE-2025-39697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a race when updating an existing write\n\nAfter nfs_lock_and_join_requests() tests for whether the request is\nstill attached to the mapping, nothing prevents a call to\nnfs_inode_remove_request() from succeeding until we actually lock the\npage group.\nThe reason is that whoever called nfs_inode_remove_request() doesn\u0027t\nnecessarily have a lock on the page group head.\n\nSo in order to avoid races, let\u0027s take the page group lock earlier in\nnfs_lock_and_join_requests(), and hold it across the removal of the\nrequest in nfs_inode_remove_request().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39697",
"url": "https://www.suse.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "SUSE Bug 1249319 for CVE-2025-39697",
"url": "https://bugzilla.suse.com/1249319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39697"
},
{
"cve": "CVE-2025-39702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39702",
"url": "https://www.suse.com/security/cve/CVE-2025-39702"
},
{
"category": "external",
"summary": "SUSE Bug 1249317 for CVE-2025-39702",
"url": "https://bugzilla.suse.com/1249317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39702"
},
{
"cve": "CVE-2025-39756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: Prevent file descriptor table allocations exceeding INT_MAX\n\nWhen sysctl_nr_open is set to a very high value (for example, 1073741816\nas set by systemd), processes attempting to use file descriptors near\nthe limit can trigger massive memory allocation attempts that exceed\nINT_MAX, resulting in a WARNING in mm/slub.c:\n\n WARNING: CPU: 0 PID: 44 at mm/slub.c:5027 __kvmalloc_node_noprof+0x21a/0x288\n\nThis happens because kvmalloc_array() and kvmalloc() check if the\nrequested size exceeds INT_MAX and emit a warning when the allocation is\nnot flagged with __GFP_NOWARN.\n\nSpecifically, when nr_open is set to 1073741816 (0x3ffffff8) and a\nprocess calls dup2(oldfd, 1073741880), the kernel attempts to allocate:\n- File descriptor array: 1073741880 * 8 bytes = 8,589,935,040 bytes\n- Multiple bitmaps: ~400MB\n- Total allocation size: \u003e 8GB (exceeding INT_MAX = 2,147,483,647)\n\nReproducer:\n1. Set /proc/sys/fs/nr_open to 1073741816:\n # echo 1073741816 \u003e /proc/sys/fs/nr_open\n\n2. Run a program that uses a high file descriptor:\n #include \u003cunistd.h\u003e\n #include \u003csys/resource.h\u003e\n\n int main() {\n struct rlimit rlim = {1073741824, 1073741824};\n setrlimit(RLIMIT_NOFILE, \u0026rlim);\n dup2(2, 1073741880); // Triggers the warning\n return 0;\n }\n\n3. Observe WARNING in dmesg at mm/slub.c:5027\n\nsystemd commit a8b627a introduced automatic bumping of fs.nr_open to the\nmaximum possible value. The rationale was that systems with memory\ncontrol groups (memcg) no longer need separate file descriptor limits\nsince memory is properly accounted. However, this change overlooked\nthat:\n\n1. The kernel\u0027s allocation functions still enforce INT_MAX as a maximum\n size regardless of memcg accounting\n2. Programs and tests that legitimately test file descriptor limits can\n inadvertently trigger massive allocations\n3. The resulting allocations (\u003e8GB) are impractical and will always fail\n\nsystemd\u0027s algorithm starts with INT_MAX and keeps halving the value\nuntil the kernel accepts it. On most systems, this results in nr_open\nbeing set to 1073741816 (0x3ffffff8), which is just under 1GB of file\ndescriptors.\n\nWhile processes rarely use file descriptors near this limit in normal\noperation, certain selftests (like\ntools/testing/selftests/core/unshare_test.c) and programs that test file\ndescriptor limits can trigger this issue.\n\nFix this by adding a check in alloc_fdtable() to ensure the requested\nallocation size does not exceed INT_MAX. This causes the operation to\nfail with -EMFILE instead of triggering a kernel warning and avoids the\nimpractical \u003e8GB memory allocation request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39756",
"url": "https://www.suse.com/security/cve/CVE-2025-39756"
},
{
"category": "external",
"summary": "SUSE Bug 1249512 for CVE-2025-39756",
"url": "https://bugzilla.suse.com/1249512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39756"
},
{
"cve": "CVE-2025-39794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: tegra: Use I/O memcpy to write to IRAM\n\nKasan crashes the kernel trying to check boundaries when using the\nnormal memcpy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39794",
"url": "https://www.suse.com/security/cve/CVE-2025-39794"
},
{
"category": "external",
"summary": "SUSE Bug 1249595 for CVE-2025-39794",
"url": "https://bugzilla.suse.com/1249595"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39794"
},
{
"cve": "CVE-2025-39797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Duplicate SPI Handling\n\nThe issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI\nNetlink message, which triggers the kernel function xfrm_alloc_spi().\nThis function is expected to ensure uniqueness of the Security Parameter\nIndex (SPI) for inbound Security Associations (SAs). However, it can\nreturn success even when the requested SPI is already in use, leading\nto duplicate SPIs assigned to multiple inbound SAs, differentiated\nonly by their destination addresses.\n\nThis behavior causes inconsistencies during SPI lookups for inbound packets.\nSince the lookup may return an arbitrary SA among those with the same SPI,\npacket processing can fail, resulting in packet drops.\n\nAccording to RFC 4301 section 4.4.2 , for inbound processing a unicast SA\nis uniquely identified by the SPI and optionally protocol.\n\nReproducing the Issue Reliably:\nTo consistently reproduce the problem, restrict the available SPI range in\ncharon.conf : spi_min = 0x10000000 spi_max = 0x10000002\nThis limits the system to only 2 usable SPI values.\nNext, create more than 2 Child SA. each using unique pair of src/dst address.\nAs soon as the 3rd Child SA is initiated, it will be assigned a duplicate\nSPI, since the SPI pool is already exhausted.\nWith a narrow SPI range, the issue is consistently reproducible.\nWith a broader/default range, it becomes rare and unpredictable.\n\nCurrent implementation:\nxfrm_spi_hash() lookup function computes hash using daddr, proto, and family.\nSo if two SAs have the same SPI but different destination addresses, then\nthey will:\na. Hash into different buckets\nb. Be stored in different linked lists (byspi + h)\nc. Not be seen in the same hlist_for_each_entry_rcu() iteration.\nAs a result, the lookup will result in NULL and kernel allows that Duplicate SPI\n\nProposed Change:\nxfrm_state_lookup_spi_proto() does a truly global search - across all states,\nregardless of hash bucket and matches SPI and proto.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39797",
"url": "https://www.suse.com/security/cve/CVE-2025-39797"
},
{
"category": "external",
"summary": "SUSE Bug 1249608 for CVE-2025-39797",
"url": "https://bugzilla.suse.com/1249608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39797"
},
{
"cve": "CVE-2025-39812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39812"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39812",
"url": "https://www.suse.com/security/cve/CVE-2025-39812"
},
{
"category": "external",
"summary": "SUSE Bug 1250202 for CVE-2025-39812",
"url": "https://bugzilla.suse.com/1250202"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39812"
},
{
"cve": "CVE-2025-39813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39813"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n\nWhen calling ftrace_dump_one() concurrently with reading trace_pipe,\na WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race\ncondition.\n\nThe issue occurs because:\n\nCPU0 (ftrace_dump) CPU1 (reader)\necho z \u003e /proc/sysrq-trigger\n\n!trace_empty(\u0026iter)\ntrace_iterator_reset(\u0026iter) \u003c- len = size = 0\n cat /sys/kernel/tracing/trace_pipe\ntrace_find_next_entry_inc(\u0026iter)\n __find_next_entry\n ring_buffer_empty_cpu \u003c- all empty\n return NULL\n\ntrace_printk_seq(\u0026iter.seq)\n WARN_ON_ONCE(s-\u003eseq.len \u003e= s-\u003eseq.size)\n\nIn the context between trace_empty() and trace_find_next_entry_inc()\nduring ftrace_dump, the ring buffer data was consumed by other readers.\nThis caused trace_find_next_entry_inc to return NULL, failing to populate\n`iter.seq`. At this point, due to the prior trace_iterator_reset, both\n`iter.seq.len` and `iter.seq.size` were set to 0. Since they are equal,\nthe WARN_ON_ONCE condition is triggered.\n\nMove the trace_printk_seq() into the if block that checks to make sure the\nreturn value of trace_find_next_entry_inc() is non-NULL in\nftrace_dump_one(), ensuring the \u0027iter.seq\u0027 is properly populated before\nsubsequent operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39813",
"url": "https://www.suse.com/security/cve/CVE-2025-39813"
},
{
"category": "external",
"summary": "SUSE Bug 1250032 for CVE-2025-39813",
"url": "https://bugzilla.suse.com/1250032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39813"
},
{
"cve": "CVE-2025-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39828"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n\nsyzbot reported the splat below. [0]\n\nWhen atmtcp_v_open() or atmtcp_v_close() is called via connect()\nor close(), atmtcp_send_control() is called to send an in-kernel\nspecial message.\n\nThe message has ATMTCP_HDR_MAGIC in atmtcp_control.hdr.length.\nAlso, a pointer of struct atm_vcc is set to atmtcp_control.vcc.\n\nThe notable thing is struct atmtcp_control is uAPI but has a\nspace for an in-kernel pointer.\n\n struct atmtcp_control {\n \tstruct atmtcp_hdr hdr;\t/* must be first */\n ...\n \tatm_kptr_t vcc;\t\t/* both directions */\n ...\n } __ATM_API_ALIGN;\n\n typedef struct { unsigned char _[8]; } __ATM_API_ALIGN atm_kptr_t;\n\nThe special message is processed in atmtcp_recv_control() called\nfrom atmtcp_c_send().\n\natmtcp_c_send() is vcc-\u003edev-\u003eops-\u003esend() and called from 2 paths:\n\n 1. .ndo_start_xmit() (vcc-\u003esend() == atm_send_aal0())\n 2. vcc_sendmsg()\n\nThe problem is sendmsg() does not validate the message length and\nuserspace can abuse atmtcp_recv_control() to overwrite any kptr\nby atmtcp_control.\n\nLet\u0027s add a new -\u003epre_send() hook to validate messages from sendmsg().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc00200000ab: 0000 [#1] SMP KASAN PTI\nKASAN: probably user-memory-access in range [0x0000000100000558-0x000000010000055f]\nCPU: 0 UID: 0 PID: 5865 Comm: syz-executor331 Not tainted 6.17.0-rc1-syzkaller-00215-gbab3ce404553 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:atmtcp_recv_control drivers/atm/atmtcp.c:93 [inline]\nRIP: 0010:atmtcp_c_send+0x1da/0x950 drivers/atm/atmtcp.c:297\nCode: 4d 8d 75 1a 4c 89 f0 48 c1 e8 03 42 0f b6 04 20 84 c0 0f 85 15 06 00 00 41 0f b7 1e 4d 8d b7 60 05 00 00 4c 89 f0 48 c1 e8 03 \u003c42\u003e 0f b6 04 20 84 c0 0f 85 13 06 00 00 66 41 89 1e 4d 8d 75 1c 4c\nRSP: 0018:ffffc90003f5f810 EFLAGS: 00010203\nRAX: 00000000200000ab RBX: 0000000000000000 RCX: 0000000000000000\nRDX: ffff88802a510000 RSI: 00000000ffffffff RDI: ffff888030a6068c\nRBP: ffff88802699fb40 R08: ffff888030a606eb R09: 1ffff1100614c0dd\nR10: dffffc0000000000 R11: ffffffff8718fc40 R12: dffffc0000000000\nR13: ffff888030a60680 R14: 000000010000055f R15: 00000000ffffffff\nFS: 00007f8d7e9236c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000045ad50 CR3: 0000000075bde000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n vcc_sendmsg+0xa10/0xc60 net/atm/common.c:645\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n ____sys_sendmsg+0x505/0x830 net/socket.c:2614\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n __sys_sendmsg net/socket.c:2700 [inline]\n __do_sys_sendmsg net/socket.c:2705 [inline]\n __se_sys_sendmsg net/socket.c:2703 [inline]\n __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f8d7e96a4a9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f8d7e923198 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f8d7e9f4308 RCX: 00007f8d7e96a4a9\nRDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005\nRBP: 00007f8d7e9f4300 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f8d7e9c10ac\nR13: 00007f8d7e9231a0 R14: 0000200000000200 R15: 0000200000000250\n \u003c/TASK\u003e\nModules linked in:",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39828",
"url": "https://www.suse.com/security/cve/CVE-2025-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1250205 for CVE-2025-39828",
"url": "https://bugzilla.suse.com/1250205"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39828"
},
{
"cve": "CVE-2025-39841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39841"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39841",
"url": "https://www.suse.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "SUSE Bug 1250274 for CVE-2025-39841",
"url": "https://bugzilla.suse.com/1250274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39841"
},
{
"cve": "CVE-2025-39851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39851"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix NPD when refreshing an FDB entry with a nexthop object\n\nVXLAN FDB entries can point to either a remote destination or an FDB\nnexthop group. The latter is usually used in EVPN deployments where\nlearning is disabled.\n\nHowever, when learning is enabled, an incoming packet might try to\nrefresh an FDB entry that points to an FDB nexthop group and therefore\ndoes not have a remote. Such packets should be dropped, but they are\nonly dropped after dereferencing the non-existent remote, resulting in a\nNPD [1] which can be reproduced using [2].\n\nFix by dropping such packets earlier. Remove the misleading comment from\nfirst_remote_rcu().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nCPU: 13 UID: 0 PID: 361 Comm: mausezahn Not tainted 6.17.0-rc1-virtme-g9f6b606b6b37 #1 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.17.0-4.fc41 04/01/2014\nRIP: 0010:vxlan_snoop+0x98/0x1e0\n[...]\nCall Trace:\n \u003cTASK\u003e\n vxlan_encap_bypass+0x209/0x240\n encap_bypass_if_local+0xb1/0x100\n vxlan_xmit_one+0x1375/0x17e0\n vxlan_xmit+0x6b4/0x15f0\n dev_hard_start_xmit+0x5d/0x1c0\n __dev_queue_xmit+0x246/0xfd0\n packet_sendmsg+0x113a/0x1850\n __sock_sendmsg+0x38/0x70\n __sys_sendto+0x126/0x180\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0xa4/0x260\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\n #!/bin/bash\n\n ip address add 192.0.2.1/32 dev lo\n ip address add 192.0.2.2/32 dev lo\n\n ip nexthop add id 1 via 192.0.2.3 fdb\n ip nexthop add id 10 group 1 fdb\n\n ip link add name vx0 up type vxlan id 10010 local 192.0.2.1 dstport 12345 localbypass\n ip link add name vx1 up type vxlan id 10020 local 192.0.2.2 dstport 54321 learning\n\n bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 192.0.2.2 port 54321 vni 10020\n bridge fdb add 00:aa:bb:cc:dd:ee dev vx1 self static nhid 10\n\n mausezahn vx0 -a 00:aa:bb:cc:dd:ee -b 00:11:22:33:44:55 -c 1 -q",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39851",
"url": "https://www.suse.com/security/cve/CVE-2025-39851"
},
{
"category": "external",
"summary": "SUSE Bug 1250296 for CVE-2025-39851",
"url": "https://bugzilla.suse.com/1250296"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39851"
},
{
"cve": "CVE-2025-39866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39866"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: writeback: fix use-after-free in __mark_inode_dirty()\n\nAn use-after-free issue occurred when __mark_inode_dirty() get the\nbdi_writeback that was in the progress of switching.\n\nCPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1\n......\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : __mark_inode_dirty+0x124/0x418\nlr : __mark_inode_dirty+0x118/0x418\nsp : ffffffc08c9dbbc0\n........\nCall trace:\n __mark_inode_dirty+0x124/0x418\n generic_update_time+0x4c/0x60\n file_modified+0xcc/0xd0\n ext4_buffered_write_iter+0x58/0x124\n ext4_file_write_iter+0x54/0x704\n vfs_write+0x1c0/0x308\n ksys_write+0x74/0x10c\n __arm64_sys_write+0x1c/0x28\n invoke_syscall+0x48/0x114\n el0_svc_common.constprop.0+0xc0/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x40/0xe4\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x194/0x198\n\nRoot cause is:\n\nsystemd-random-seed kworker\n----------------------------------------------------------------------\n___mark_inode_dirty inode_switch_wbs_work_fn\n\n spin_lock(\u0026inode-\u003ei_lock);\n inode_attach_wb\n locked_inode_to_wb_and_lock_list\n get inode-\u003ei_wb\n spin_unlock(\u0026inode-\u003ei_lock);\n spin_lock(\u0026wb-\u003elist_lock)\n spin_lock(\u0026inode-\u003ei_lock)\n inode_io_list_move_locked\n spin_unlock(\u0026wb-\u003elist_lock)\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_lock(\u0026old_wb-\u003elist_lock)\n inode_do_switch_wbs\n spin_lock(\u0026inode-\u003ei_lock)\n inode-\u003ei_wb = new_wb\n spin_unlock(\u0026inode-\u003ei_lock)\n spin_unlock(\u0026old_wb-\u003elist_lock)\n wb_put_many(old_wb, nr_switched)\n cgwb_release\n old wb released\n wb_wakeup_delayed() accesses wb,\n then trigger the use-after-free\n issue\n\nFix this race condition by holding inode spinlock until\nwb_wakeup_delayed() finished.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39866",
"url": "https://www.suse.com/security/cve/CVE-2025-39866"
},
{
"category": "external",
"summary": "SUSE Bug 1250455 for CVE-2025-39866",
"url": "https://bugzilla.suse.com/1250455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39866"
},
{
"cve": "CVE-2025-39876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39876"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n\nThe function of_phy_find_device may return NULL, so we need to take\ncare before dereferencing phy_dev.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39876",
"url": "https://www.suse.com/security/cve/CVE-2025-39876"
},
{
"category": "external",
"summary": "SUSE Bug 1250400 for CVE-2025-39876",
"url": "https://bugzilla.suse.com/1250400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39876"
},
{
"cve": "CVE-2025-39881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39881"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernfs: Fix UAF in polling when open file is released\n\nA use-after-free (UAF) vulnerability was identified in the PSI (Pressure\nStall Information) monitoring mechanism:\n\nBUG: KASAN: slab-use-after-free in psi_trigger_poll+0x3c/0x140\nRead of size 8 at addr ffff3de3d50bd308 by task systemd/1\n\npsi_trigger_poll+0x3c/0x140\ncgroup_pressure_poll+0x70/0xa0\ncgroup_file_poll+0x8c/0x100\nkernfs_fop_poll+0x11c/0x1c0\nep_item_poll.isra.0+0x188/0x2c0\n\nAllocated by task 1:\ncgroup_file_open+0x88/0x388\nkernfs_fop_open+0x73c/0xaf0\ndo_dentry_open+0x5fc/0x1200\nvfs_open+0xa0/0x3f0\ndo_open+0x7e8/0xd08\npath_openat+0x2fc/0x6b0\ndo_filp_open+0x174/0x368\n\nFreed by task 8462:\ncgroup_file_release+0x130/0x1f8\nkernfs_drain_open_files+0x17c/0x440\nkernfs_drain+0x2dc/0x360\nkernfs_show+0x1b8/0x288\ncgroup_file_show+0x150/0x268\ncgroup_pressure_write+0x1dc/0x340\ncgroup_file_write+0x274/0x548\n\nReproduction Steps:\n1. Open test/cpu.pressure and establish epoll monitoring\n2. Disable monitoring: echo 0 \u003e test/cgroup.pressure\n3. Re-enable monitoring: echo 1 \u003e test/cgroup.pressure\n\nThe race condition occurs because:\n1. When cgroup.pressure is disabled (echo 0 \u003e cgroup.pressure), it:\n - Releases PSI triggers via cgroup_file_release()\n - Frees of-\u003epriv through kernfs_drain_open_files()\n2. While epoll still holds reference to the file and continues polling\n3. Re-enabling (echo 1 \u003e cgroup.pressure) accesses freed of-\u003epriv\n\nepolling\t\t\tdisable/enable cgroup.pressure\nfd=open(cpu.pressure)\nwhile(1)\n...\nepoll_wait\nkernfs_fop_poll\nkernfs_get_active = true\techo 0 \u003e cgroup.pressure\n...\t\t\t\tcgroup_file_show\n\t\t\t\tkernfs_show\n\t\t\t\t// inactive kn\n\t\t\t\tkernfs_drain_open_files\n\t\t\t\tcft-\u003erelease(of);\n\t\t\t\tkfree(ctx);\n\t\t\t\t...\nkernfs_get_active = false\n\t\t\t\techo 1 \u003e cgroup.pressure\n\t\t\t\tkernfs_show\n\t\t\t\tkernfs_activate_one(kn);\nkernfs_fop_poll\nkernfs_get_active = true\ncgroup_file_poll\npsi_trigger_poll\n// UAF\n...\nend: close(fd)\n\nTo address this issue, introduce kernfs_get_active_of() for kernfs open\nfiles to obtain active references. This function will fail if the open file\nhas been released. Replace kernfs_get_active() with kernfs_get_active_of()\nto prevent further operations on released file descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39881",
"url": "https://www.suse.com/security/cve/CVE-2025-39881"
},
{
"category": "external",
"summary": "SUSE Bug 1250379 for CVE-2025-39881",
"url": "https://bugzilla.suse.com/1250379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39881"
},
{
"cve": "CVE-2025-39895",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39895"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix sched_numa_find_nth_cpu() if mask offline\n\nsched_numa_find_nth_cpu() uses a bsearch to look for the \u0027closest\u0027\nCPU in sched_domains_numa_masks and given cpus mask. However they\nmight not intersect if all CPUs in the cpus mask are offline. bsearch\nwill return NULL in that case, bail out instead of dereferencing a\nbogus pointer.\n\nThe previous behaviour lead to this bug when using maxcpus=4 on an\nrk3399 (LLLLbb) (i.e. booting with all big CPUs offline):\n\n[ 1.422922] Unable to handle kernel paging request at virtual address ffffff8000000000\n[ 1.423635] Mem abort info:\n[ 1.423889] ESR = 0x0000000096000006\n[ 1.424227] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 1.424715] SET = 0, FnV = 0\n[ 1.424995] EA = 0, S1PTW = 0\n[ 1.425279] FSC = 0x06: level 2 translation fault\n[ 1.425735] Data abort info:\n[ 1.425998] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000\n[ 1.426499] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 1.426952] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 1.427428] swapper pgtable: 4k pages, 39-bit VAs, pgdp=0000000004a9f000\n[ 1.428038] [ffffff8000000000] pgd=18000000f7fff403, p4d=18000000f7fff403, pud=18000000f7fff403, pmd=0000000000000000\n[ 1.429014] Internal error: Oops: 0000000096000006 [#1] SMP\n[ 1.429525] Modules linked in:\n[ 1.429813] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc4-dirty #343 PREEMPT\n[ 1.430559] Hardware name: Pine64 RockPro64 v2.1 (DT)\n[ 1.431012] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 1.431634] pc : sched_numa_find_nth_cpu+0x2a0/0x488\n[ 1.432094] lr : sched_numa_find_nth_cpu+0x284/0x488\n[ 1.432543] sp : ffffffc084e1b960\n[ 1.432843] x29: ffffffc084e1b960 x28: ffffff80078a8800 x27: ffffffc0846eb1d0\n[ 1.433495] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000\n[ 1.434144] x23: 0000000000000000 x22: fffffffffff7f093 x21: ffffffc081de6378\n[ 1.434792] x20: 0000000000000000 x19: 0000000ffff7f093 x18: 00000000ffffffff\n[ 1.435441] x17: 3030303866666666 x16: 66663d736b73616d x15: ffffffc104e1b5b7\n[ 1.436091] x14: 0000000000000000 x13: ffffffc084712860 x12: 0000000000000372\n[ 1.436739] x11: 0000000000000126 x10: ffffffc08476a860 x9 : ffffffc084712860\n[ 1.437389] x8 : 00000000ffffefff x7 : ffffffc08476a860 x6 : 0000000000000000\n[ 1.438036] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000\n[ 1.438683] x2 : 0000000000000000 x1 : ffffffc0846eb000 x0 : ffffff8000407b68\n[ 1.439332] Call trace:\n[ 1.439559] sched_numa_find_nth_cpu+0x2a0/0x488 (P)\n[ 1.440016] smp_call_function_any+0xc8/0xd0\n[ 1.440416] armv8_pmu_init+0x58/0x27c\n[ 1.440770] armv8_cortex_a72_pmu_init+0x20/0x2c\n[ 1.441199] arm_pmu_device_probe+0x1e4/0x5e8\n[ 1.441603] armv8_pmu_device_probe+0x1c/0x28\n[ 1.442007] platform_probe+0x5c/0xac\n[ 1.442347] really_probe+0xbc/0x298\n[ 1.442683] __driver_probe_device+0x78/0x12c\n[ 1.443087] driver_probe_device+0xdc/0x160\n[ 1.443475] __driver_attach+0x94/0x19c\n[ 1.443833] bus_for_each_dev+0x74/0xd4\n[ 1.444190] driver_attach+0x24/0x30\n[ 1.444525] bus_add_driver+0xe4/0x208\n[ 1.444874] driver_register+0x60/0x128\n[ 1.445233] __platform_driver_register+0x24/0x30\n[ 1.445662] armv8_pmu_driver_init+0x28/0x4c\n[ 1.446059] do_one_initcall+0x44/0x25c\n[ 1.446416] kernel_init_freeable+0x1dc/0x3bc\n[ 1.446820] kernel_init+0x20/0x1d8\n[ 1.447151] ret_from_fork+0x10/0x20\n[ 1.447493] Code: 90022e21 f000e5f5 910de2b5 2a1703e2 (f8767803)\n[ 1.448040] ---[ end trace 0000000000000000 ]---\n[ 1.448483] note: swapper/0[1] exited with preempt_count 1\n[ 1.449047] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 1.449741] SMP: stopping secondary CPUs\n[ 1.450105] Kernel Offset: disabled\n[ 1.450419] CPU features: 0x000000,00080000,20002001,0400421b\n[ \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39895",
"url": "https://www.suse.com/security/cve/CVE-2025-39895"
},
{
"category": "external",
"summary": "SUSE Bug 1250721 for CVE-2025-39895",
"url": "https://bugzilla.suse.com/1250721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39895"
},
{
"cve": "CVE-2025-39898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39898"
}
],
"notes": [
{
"category": "general",
"text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39898",
"url": "https://www.suse.com/security/cve/CVE-2025-39898"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1250742 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250742"
},
{
"category": "external",
"summary": "SUSE Bug 1250744 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1250744"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-39898",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2025-39898"
},
{
"cve": "CVE-2025-39902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39902"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid accessing metadata when pointer is invalid in object_err()\n\nobject_err() reports details of an object for further debugging, such as\nthe freelist pointer, redzone, etc. However, if the pointer is invalid,\nattempting to access object metadata can lead to a crash since it does\nnot point to a valid object.\n\nOne known path to the crash is when alloc_consistency_checks()\ndetermines the pointer to the allocated object is invalid because of a\nfreelist corruption, and calls object_err() to report it. The debug code\nshould report and handle the corruption gracefully and not crash in the\nprocess.\n\nIn case the pointer is NULL or check_valid_pointer() returns false for\nthe pointer, only print the pointer value and skip accessing metadata.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39902",
"url": "https://www.suse.com/security/cve/CVE-2025-39902"
},
{
"category": "external",
"summary": "SUSE Bug 1250702 for CVE-2025-39902",
"url": "https://bugzilla.suse.com/1250702"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39902"
},
{
"cve": "CVE-2025-39911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39911"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n\nIf request_irq() in i40e_vsi_request_irq_msix() fails in an iteration\nlater than the first, the error path wants to free the IRQs requested\nso far. However, it uses the wrong dev_id argument for free_irq(), so\nit does not free the IRQs correctly and instead triggers the warning:\n\n Trying to free already-free IRQ 173\n WARNING: CPU: 25 PID: 1091 at kernel/irq/manage.c:1829 __free_irq+0x192/0x2c0\n Modules linked in: i40e(+) [...]\n CPU: 25 UID: 0 PID: 1091 Comm: NetworkManager Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: [...]\n RIP: 0010:__free_irq+0x192/0x2c0\n [...]\n Call Trace:\n \u003cTASK\u003e\n free_irq+0x32/0x70\n i40e_vsi_request_irq_msix.cold+0x63/0x8b [i40e]\n i40e_vsi_request_irq+0x79/0x80 [i40e]\n i40e_vsi_open+0x21f/0x2f0 [i40e]\n i40e_open+0x63/0x130 [i40e]\n __dev_open+0xfc/0x210\n __dev_change_flags+0x1fc/0x240\n netif_change_flags+0x27/0x70\n do_setlink.isra.0+0x341/0xc70\n rtnl_newlink+0x468/0x860\n rtnetlink_rcv_msg+0x375/0x450\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x288/0x3c0\n netlink_sendmsg+0x20d/0x430\n ____sys_sendmsg+0x3a2/0x3d0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x82/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n [...]\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nUse the same dev_id for free_irq() as for request_irq().\n\nI tested this with inserting code to fail intentionally.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39911",
"url": "https://www.suse.com/security/cve/CVE-2025-39911"
},
{
"category": "external",
"summary": "SUSE Bug 1250704 for CVE-2025-39911",
"url": "https://bugzilla.suse.com/1250704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39911"
},
{
"cve": "CVE-2025-39931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39931"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39931",
"url": "https://www.suse.com/security/cve/CVE-2025-39931"
},
{
"category": "external",
"summary": "SUSE Bug 1251100 for CVE-2025-39931",
"url": "https://bugzilla.suse.com/1251100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39931"
},
{
"cve": "CVE-2025-39934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39934"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: anx7625: Fix NULL pointer dereference with early IRQ\n\nIf the interrupt occurs before resource initialization is complete, the\ninterrupt handler/worker may access uninitialized data such as the I2C\ntcpc_client device, potentially leading to NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39934",
"url": "https://www.suse.com/security/cve/CVE-2025-39934"
},
{
"category": "external",
"summary": "SUSE Bug 1251146 for CVE-2025-39934",
"url": "https://bugzilla.suse.com/1251146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39934"
},
{
"cve": "CVE-2025-39937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39937"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n\nSince commit 7d5e9737efda (\"net: rfkill: gpio: get the name and type from\ndevice property\") rfkill_find_type() gets called with the possibly\nuninitialized \"const char *type_name;\" local variable.\n\nOn x86 systems when rfkill-gpio binds to a \"BCM4752\" or \"LNV4752\"\nacpi_device, the rfkill-\u003etype is set based on the ACPI acpi_device_id:\n\n rfkill-\u003etype = (unsigned)id-\u003edriver_data;\n\nand there is no \"type\" property so device_property_read_string() will fail\nand leave type_name uninitialized, leading to a potential crash.\n\nrfkill_find_type() does accept a NULL pointer, fix the potential crash\nby initializing type_name to NULL.\n\nNote likely sofar this has not been caught because:\n\n1. Not many x86 machines actually have a \"BCM4752\"/\"LNV4752\" acpi_device\n2. The stack happened to contain NULL where type_name is stored",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39937",
"url": "https://www.suse.com/security/cve/CVE-2025-39937"
},
{
"category": "external",
"summary": "SUSE Bug 1251143 for CVE-2025-39937",
"url": "https://bugzilla.suse.com/1251143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39937"
},
{
"cve": "CVE-2025-39938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39938"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed\n\nIf earlier opening of source graph fails (e.g. ADSP rejects due to\nincorrect audioreach topology), the graph is closed and\n\"dai_data-\u003egraph[dai-\u003eid]\" is assigned NULL. Preparing the DAI for sink\ngraph continues though and next call to q6apm_lpass_dai_prepare()\nreceives dai_data-\u003egraph[dai-\u003eid]=NULL leading to NULL pointer\nexception:\n\n qcom-apm gprsvc:service:2:1: Error (1) Processing 0x01001002 cmd\n qcom-apm gprsvc:service:2:1: DSP returned error[1001002] 1\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: fail to start APM port 78\n q6apm-lpass-dais 30000000.remoteproc:glink-edge:gpr:service@1:bedais: ASoC: error at snd_soc_pcm_dai_prepare on TX_CODEC_DMA_TX_3: -22\n Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a8\n ...\n Call trace:\n q6apm_graph_media_format_pcm+0x48/0x120 (P)\n q6apm_lpass_dai_prepare+0x110/0x1b4\n snd_soc_pcm_dai_prepare+0x74/0x108\n __soc_pcm_prepare+0x44/0x160\n dpcm_be_dai_prepare+0x124/0x1c0",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39938",
"url": "https://www.suse.com/security/cve/CVE-2025-39938"
},
{
"category": "external",
"summary": "SUSE Bug 1251134 for CVE-2025-39938",
"url": "https://bugzilla.suse.com/1251134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39938"
},
{
"cve": "CVE-2025-39945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39945"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item \u0027delete_task\u0027 has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp-\u003edev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays - such as inserting calls to ssleep()\nwithin the cnic_delete_task() function - to increase the likelihood\nof triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39945",
"url": "https://www.suse.com/security/cve/CVE-2025-39945"
},
{
"category": "external",
"summary": "SUSE Bug 1251230 for CVE-2025-39945",
"url": "https://bugzilla.suse.com/1251230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39945"
},
{
"cve": "CVE-2025-39946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39946"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: make sure to abort the stream if headers are bogus\n\nNormally we wait for the socket to buffer up the whole record\nbefore we service it. If the socket has a tiny buffer, however,\nwe read out the data sooner, to prevent connection stalls.\nMake sure that we abort the connection when we find out late\nthat the record is actually invalid. Retrying the parsing is\nfine in itself but since we copy some more data each time\nbefore we parse we can overflow the allocated skb space.\n\nConstructing a scenario in which we\u0027re under pressure without\nenough data in the socket to parse the length upfront is quite\nhard. syzbot figured out a way to do this by serving us the header\nin small OOB sends, and then filling in the recvbuf with a large\nnormal send.\n\nMake sure that tls_rx_msg_size() aborts strp, if we reach\nan invalid record there\u0027s really no way to recover.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39946",
"url": "https://www.suse.com/security/cve/CVE-2025-39946"
},
{
"category": "external",
"summary": "SUSE Bug 1251114 for CVE-2025-39946",
"url": "https://bugzilla.suse.com/1251114"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39946"
},
{
"cve": "CVE-2025-39947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39947"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Harden uplink netdev access against device unbind\n\nThe function mlx5_uplink_netdev_get() gets the uplink netdevice\npointer from mdev-\u003emlx5e_res.uplink_netdev. However, the netdevice can\nbe removed and its pointer cleared when unbound from the mlx5_core.eth\ndriver. This results in a NULL pointer, causing a kernel panic.\n\n BUG: unable to handle page fault for address: 0000000000001300\n at RIP: 0010:mlx5e_vport_rep_load+0x22a/0x270 [mlx5_core]\n Call Trace:\n \u003cTASK\u003e\n mlx5_esw_offloads_rep_load+0x68/0xe0 [mlx5_core]\n esw_offloads_enable+0x593/0x910 [mlx5_core]\n mlx5_eswitch_enable_locked+0x341/0x420 [mlx5_core]\n mlx5_devlink_eswitch_mode_set+0x17e/0x3a0 [mlx5_core]\n devlink_nl_eswitch_set_doit+0x60/0xd0\n genl_family_rcv_msg_doit+0xe0/0x130\n genl_rcv_msg+0x183/0x290\n netlink_rcv_skb+0x4b/0xf0\n genl_rcv+0x24/0x40\n netlink_unicast+0x255/0x380\n netlink_sendmsg+0x1f3/0x420\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x119/0x180\n do_syscall_64+0x53/0x1d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nEnsure the pointer is valid before use by checking it for NULL. If it\nis valid, immediately call netdev_hold() to take a reference, and\npreventing the netdevice from being freed while it is in use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39947",
"url": "https://www.suse.com/security/cve/CVE-2025-39947"
},
{
"category": "external",
"summary": "SUSE Bug 1251232 for CVE-2025-39947",
"url": "https://bugzilla.suse.com/1251232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39947"
},
{
"cve": "CVE-2025-39948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39948"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix Rx page leak on multi-buffer frames\n\nThe ice_put_rx_mbuf() function handles calling ice_put_rx_buf() for each\nbuffer in the current frame. This function was introduced as part of\nhandling multi-buffer XDP support in the ice driver.\n\nIt works by iterating over the buffers from first_desc up to 1 plus the\ntotal number of fragments in the frame, cached from before the XDP program\nwas executed.\n\nIf the hardware posts a descriptor with a size of 0, the logic used in\nice_put_rx_mbuf() breaks. Such descriptors get skipped and don\u0027t get added\nas fragments in ice_add_xdp_frag. Since the buffer isn\u0027t counted as a\nfragment, we do not iterate over it in ice_put_rx_mbuf(), and thus we don\u0027t\ncall ice_put_rx_buf().\n\nBecause we don\u0027t call ice_put_rx_buf(), we don\u0027t attempt to re-use the\npage or free it. This leaves a stale page in the ring, as we don\u0027t\nincrement next_to_alloc.\n\nThe ice_reuse_rx_page() assumes that the next_to_alloc has been incremented\nproperly, and that it always points to a buffer with a NULL page. Since\nthis function doesn\u0027t check, it will happily recycle a page over the top\nof the next_to_alloc buffer, losing track of the old page.\n\nNote that this leak only occurs for multi-buffer frames. The\nice_put_rx_mbuf() function always handles at least one buffer, so a\nsingle-buffer frame will always get handled correctly. It is not clear\nprecisely why the hardware hands us descriptors with a size of 0 sometimes,\nbut it happens somewhat regularly with \"jumbo frames\" used by 9K MTU.\n\nTo fix ice_put_rx_mbuf(), we need to make sure to call ice_put_rx_buf() on\nall buffers between first_desc and next_to_clean. Borrow the logic of a\nsimilar function in i40e used for this same purpose. Use the same logic\nalso in ice_get_pgcnts().\n\nInstead of iterating over just the number of fragments, use a loop which\niterates until the current index reaches to the next_to_clean element just\npast the current frame. Unlike i40e, the ice_put_rx_mbuf() function does\ncall ice_put_rx_buf() on the last buffer of the frame indicating the end of\npacket.\n\nFor non-linear (multi-buffer) frames, we need to take care when adjusting\nthe pagecnt_bias. An XDP program might release fragments from the tail of\nthe frame, in which case that fragment page is already released. Only\nupdate the pagecnt_bias for the first descriptor and fragments still\nremaining post-XDP program. Take care to only access the shared info for\nfragmented buffers, as this avoids a significant cache miss.\n\nThe xdp_xmit value only needs to be updated if an XDP program is run, and\nonly once per packet. Drop the xdp_xmit pointer argument from\nice_put_rx_mbuf(). Instead, set xdp_xmit in the ice_clean_rx_irq() function\ndirectly. This avoids needing to pass the argument and avoids an extra\nbit-wise OR for each buffer in the frame.\n\nMove the increment of the ntc local variable to ensure its updated *before*\nall calls to ice_get_pgcnts() or ice_put_rx_mbuf(), as the loop logic\nrequires the index of the element just after the current frame.\n\nNow that we use an index pointer in the ring to identify the packet, we no\nlonger need to track or cache the number of fragments in the rx_ring.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39948",
"url": "https://www.suse.com/security/cve/CVE-2025-39948"
},
{
"category": "external",
"summary": "SUSE Bug 1251233 for CVE-2025-39948",
"url": "https://bugzilla.suse.com/1251233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39948"
},
{
"cve": "CVE-2025-39949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39949"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nqed: Don\u0027t collect too many protection override GRC elements\n\nIn the protection override dump path, the firmware can return far too\nmany GRC elements, resulting in attempting to write past the end of the\npreviously-kmalloc\u0027ed dump buffer.\n\nThis will result in a kernel panic with reason:\n\n BUG: unable to handle kernel paging request at ADDRESS\n\nwhere \"ADDRESS\" is just past the end of the protection override dump\nbuffer. The start address of the buffer is:\n p_hwfn-\u003ecdev-\u003edbg_features[DBG_FEATURE_PROTECTION_OVERRIDE].dump_buf\nand the size of the buffer is buf_size in the same data structure.\n\nThe panic can be arrived at from either the qede Ethernet driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc02662ed [qed]\n qed_dbg_protection_override_dump at ffffffffc0267792 [qed]\n qed_dbg_feature at ffffffffc026aa8f [qed]\n qed_dbg_all_data at ffffffffc026b211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc027298a [qed]\n devlink_health_do_dump at ffffffff82497f61\n devlink_health_report at ffffffff8249cf29\n qed_report_fatal_error at ffffffffc0272baf [qed]\n qede_sp_task at ffffffffc045ed32 [qede]\n process_one_work at ffffffff81d19783\n\nor the qedf storage driver path:\n\n [exception RIP: qed_grc_dump_addr_range+0x108]\n qed_protection_override_dump at ffffffffc068b2ed [qed]\n qed_dbg_protection_override_dump at ffffffffc068c792 [qed]\n qed_dbg_feature at ffffffffc068fa8f [qed]\n qed_dbg_all_data at ffffffffc0690211 [qed]\n qed_fw_fatal_reporter_dump at ffffffffc069798a [qed]\n devlink_health_do_dump at ffffffff8aa95e51\n devlink_health_report at ffffffff8aa9ae19\n qed_report_fatal_error at ffffffffc0697baf [qed]\n qed_hw_err_notify at ffffffffc06d32d7 [qed]\n qed_spq_post at ffffffffc06b1011 [qed]\n qed_fcoe_destroy_conn at ffffffffc06b2e91 [qed]\n qedf_cleanup_fcport at ffffffffc05e7597 [qedf]\n qedf_rport_event_handler at ffffffffc05e7bf7 [qedf]\n fc_rport_work at ffffffffc02da715 [libfc]\n process_one_work at ffffffff8a319663\n\nResolve this by clamping the firmware\u0027s return value to the maximum\nnumber of legal elements the firmware should return.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39949",
"url": "https://www.suse.com/security/cve/CVE-2025-39949"
},
{
"category": "external",
"summary": "SUSE Bug 1251177 for CVE-2025-39949",
"url": "https://bugzilla.suse.com/1251177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39949"
},
{
"cve": "CVE-2025-39952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39952"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: avoid buffer overflow in WID string configuration\n\nFix the following copy overflow warning identified by Smatch checker.\n\n drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame()\n error: \u0027__memcpy()\u0027 \u0027cfg-\u003es[i]-\u003estr\u0027 copy overflow (512 vs 65537)\n\nThis patch introduces size check before accessing the memory buffer.\nThe checks are base on the WID type of received data from the firmware.\nFor WID string configuration, the size limit is determined by individual\nelement size in \u0027struct wilc_cfg_str_vals\u0027 that is maintained in \u0027len\u0027 field\nof \u0027struct wilc_cfg_str\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39952",
"url": "https://www.suse.com/security/cve/CVE-2025-39952"
},
{
"category": "external",
"summary": "SUSE Bug 1251216 for CVE-2025-39952",
"url": "https://bugzilla.suse.com/1251216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39952"
},
{
"cve": "CVE-2025-39955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39955",
"url": "https://www.suse.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "SUSE Bug 1251804 for CVE-2025-39955",
"url": "https://bugzilla.suse.com/1251804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39955"
},
{
"cve": "CVE-2025-39957",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39957"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: increase scan_ies_len for S1G\n\nCurrently the S1G capability element is not taken into account\nfor the scan_ies_len, which leads to a buffer length validation\nfailure in ieee80211_prep_hw_scan() and subsequent WARN in\n__ieee80211_start_scan(). This prevents hw scanning from functioning.\nTo fix ensure we accommodate for the S1G capability length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39957",
"url": "https://www.suse.com/security/cve/CVE-2025-39957"
},
{
"category": "external",
"summary": "SUSE Bug 1251810 for CVE-2025-39957",
"url": "https://bugzilla.suse.com/1251810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2025-39957"
},
{
"cve": "CVE-2025-39965",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39965"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: xfrm_alloc_spi shouldn\u0027t use 0 as SPI\n\nx-\u003eid.spi == 0 means \"no SPI assigned\", but since commit\n94f39804d891 (\"xfrm: Duplicate SPI Handling\"), we now create states\nand add them to the byspi list with this value.\n\n__xfrm_state_delete doesn\u0027t remove those states from the byspi list,\nsince they shouldn\u0027t be there, and this shows up as a UAF the next\ntime we go through the byspi list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39965",
"url": "https://www.suse.com/security/cve/CVE-2025-39965"
},
{
"category": "external",
"summary": "SUSE Bug 1251967 for CVE-2025-39965",
"url": "https://bugzilla.suse.com/1251967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39965"
},
{
"cve": "CVE-2025-39967",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39967"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: fix integer overflow in fbcon_do_set_font\n\nFix integer overflow vulnerabilities in fbcon_do_set_font() where font\nsize calculations could overflow when handling user-controlled font\nparameters.\n\nThe vulnerabilities occur when:\n1. CALC_FONTSZ(h, pitch, charcount) performs h * pith * charcount\n multiplication with user-controlled values that can overflow.\n2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow\n3. This results in smaller allocations than expected, leading to buffer\n overflows during font data copying.\n\nAdd explicit overflow checking using check_mul_overflow() and\ncheck_add_overflow() kernel helpers to safety validate all size\ncalculations before allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39967",
"url": "https://www.suse.com/security/cve/CVE-2025-39967"
},
{
"category": "external",
"summary": "SUSE Bug 1252033 for CVE-2025-39967",
"url": "https://bugzilla.suse.com/1252033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39967"
},
{
"cve": "CVE-2025-39968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39968"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add max boundary check for VF filters\n\nThere is no check for max filters that VF can request. Add it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39968",
"url": "https://www.suse.com/security/cve/CVE-2025-39968"
},
{
"category": "external",
"summary": "SUSE Bug 1252047 for CVE-2025-39968",
"url": "https://bugzilla.suse.com/1252047"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2025-39968"
},
{
"cve": "CVE-2025-39969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix validation of VF state in get resources\n\nVF state I40E_VF_STATE_ACTIVE is not the only state in which\nVF is actually active so it should not be used to determine\nif a VF is allowed to obtain resources.\n\nUse I40E_VF_STATE_RESOURCES_LOADED that is set only in\ni40e_vc_get_vf_resources_msg() and cleared during reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39969",
"url": "https://www.suse.com/security/cve/CVE-2025-39969"
},
{
"category": "external",
"summary": "SUSE Bug 1252044 for CVE-2025-39969",
"url": "https://bugzilla.suse.com/1252044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39969"
},
{
"cve": "CVE-2025-39970",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39970"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix input validation logic for action_meta\n\nFix condition to check \u0027greater or equal\u0027 to prevent OOB dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39970",
"url": "https://www.suse.com/security/cve/CVE-2025-39970"
},
{
"category": "external",
"summary": "SUSE Bug 1252051 for CVE-2025-39970",
"url": "https://bugzilla.suse.com/1252051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39970"
},
{
"cve": "CVE-2025-39971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in config queues msg\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_vc_config_queues_msg().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39971",
"url": "https://www.suse.com/security/cve/CVE-2025-39971"
},
{
"category": "external",
"summary": "SUSE Bug 1252052 for CVE-2025-39971",
"url": "https://bugzilla.suse.com/1252052"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39971"
},
{
"cve": "CVE-2025-39972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix idx validation in i40e_validate_queue_map\n\nEnsure idx is within range of active/initialized TCs when iterating over\nvf-\u003ech[idx] in i40e_validate_queue_map().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39972",
"url": "https://www.suse.com/security/cve/CVE-2025-39972"
},
{
"category": "external",
"summary": "SUSE Bug 1252039 for CVE-2025-39972",
"url": "https://bugzilla.suse.com/1252039"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39972"
},
{
"cve": "CVE-2025-39973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39973"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: add validation for ring_len param\n\nThe `ring_len` parameter provided by the virtual function (VF)\nis assigned directly to the hardware memory context (HMC) without\nany validation.\n\nTo address this, introduce an upper boundary check for both Tx and Rx\nqueue lengths. The maximum number of descriptors supported by the\nhardware is 8k-32.\nAdditionally, enforce alignment constraints: Tx rings must be a multiple\nof 8, and Rx rings must be a multiple of 32.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39973",
"url": "https://www.suse.com/security/cve/CVE-2025-39973"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252035 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252035"
},
{
"category": "external",
"summary": "SUSE Bug 1252036 for CVE-2025-39973",
"url": "https://bugzilla.suse.com/1252036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2025-39973"
},
{
"cve": "CVE-2025-39978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: Fix potential use after free in otx2_tc_add_flow()\n\nThis code calls kfree_rcu(new_node, rcu) and then dereferences \"new_node\"\nand then dereferences it on the next line. Two lines later, we take\na mutex so I don\u0027t think this is an RCU safe region. Re-order it to do\nthe dereferences before queuing up the free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39978",
"url": "https://www.suse.com/security/cve/CVE-2025-39978"
},
{
"category": "external",
"summary": "SUSE Bug 1252069 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252069"
},
{
"category": "external",
"summary": "SUSE Bug 1252071 for CVE-2025-39978",
"url": "https://bugzilla.suse.com/1252071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2025-39978"
},
{
"cve": "CVE-2025-39981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39981"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix possible UAFs\n\nThis attemps to fix possible UAFs caused by struct mgmt_pending being\nfreed while still being processed like in the following trace, in order\nto fix mgmt_pending_valid is introduce and use to check if the\nmgmt_pending hasn\u0027t been removed from the pending list, on the complete\ncallbacks it is used to check and in addtion remove the cmd from the list\nwhile holding mgmt_pending_lock to avoid TOCTOU problems since if the cmd\nis left on the list it can still be accessed and freed.\n\nBUG: KASAN: slab-use-after-free in mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\nRead of size 8 at addr ffff8880709d4dc0 by task kworker/u11:0/55\n\nCPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.16.4 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n mgmt_add_adv_patterns_monitor_sync+0x35/0x50 net/bluetooth/mgmt.c:5223\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x711/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16.4/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 12210:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4364\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n mgmt_pending_new+0x65/0x1e0 net/bluetooth/mgmt_util.c:269\n mgmt_pending_add+0x35/0x140 net/bluetooth/mgmt_util.c:296\n __add_adv_patterns_monitor+0x130/0x200 net/bluetooth/mgmt.c:5247\n add_adv_patterns_monitor+0x214/0x360 net/bluetooth/mgmt.c:5364\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:729\n sock_write_iter+0x258/0x330 net/socket.c:1133\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x5c9/0xb30 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 12221:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4648 [inline]\n kfree+0x18e/0x440 mm/slub.c:4847\n mgmt_pending_free net/bluetooth/mgmt_util.c:311 [inline]\n mgmt_pending_foreach+0x30d/0x380 net/bluetooth/mgmt_util.c:257\n __mgmt_power_off+0x169/0x350 net/bluetooth/mgmt.c:9444\n hci_dev_close_sync+0x754/0x1330 net/bluetooth/hci_sync.c:5290\n hci_dev_do_close net/bluetooth/hci_core.c:501 [inline]\n hci_dev_close+0x108/0x200 net/bluetooth/hci_core.c:526\n sock_do_ioctl+0xd9/0x300 net/socket.c:1192\n sock_ioctl+0x576/0x790 net/socket.c:1313\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xf\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39981",
"url": "https://www.suse.com/security/cve/CVE-2025-39981"
},
{
"category": "external",
"summary": "SUSE Bug 1252060 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252060"
},
{
"category": "external",
"summary": "SUSE Bug 1252061 for CVE-2025-39981",
"url": "https://bugzilla.suse.com/1252061"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2025-39981"
},
{
"cve": "CVE-2025-39982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync\n\nThis fixes the following UFA in hci_acl_create_conn_sync where a\nconnection still pending is command submission (conn-\u003estate == BT_OPEN)\nmaybe freed, also since this also can happen with the likes of\nhci_le_create_conn_sync fix it as well:\n\nBUG: KASAN: slab-use-after-free in hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\nWrite of size 2 at addr ffff88805ffcc038 by task kworker/u11:2/9541\n\nCPU: 1 UID: 0 PID: 9541 Comm: kworker/u11:2 Not tainted 6.16.0-rc7 #3 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nWorkqueue: hci3 hci_cmd_sync_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x230 mm/kasan/report.c:480\n kasan_report+0x118/0x150 mm/kasan/report.c:593\n hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861\n hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245\n \u003c/TASK\u003e\n\nAllocated by task 123736:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359\n kmalloc_noprof include/linux/slab.h:905 [inline]\n kzalloc_noprof include/linux/slab.h:1039 [inline]\n __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939\n hci_conn_add_unset net/bluetooth/hci_conn.c:1051 [inline]\n hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634\n pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556\n hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719\n hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x219/0x270 net/socket.c:727\n sock_write_iter+0x258/0x330 net/socket.c:1131\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x54b/0xa90 fs/read_write.c:686\n ksys_write+0x145/0x250 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 103680:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:68\n kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576\n poison_slab_object mm/kasan/common.c:247 [inline]\n __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264\n kasan_slab_free include/linux/kasan.h:233 [inline]\n slab_free_hook mm/slub.c:2381 [inline]\n slab_free mm/slub.c:4643 [inline]\n kfree+0x18e/0x440 mm/slub.c:4842\n device_release+0x9c/0x1c0\n kobject_cleanup lib/kobject.c:689 [inline]\n kobject_release lib/kobject.c:720 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x22b/0x480 lib/kobject.c:737\n hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline]\n hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173\n hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event.c:3199\n hci_event_func net/bluetooth/hci_event.c:7477 [inline]\n hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531\n hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070\n process_one_work kernel/workqueue.c:3238 [inline]\n process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402\n kthread+0x70e/0x8a0 kernel/kthread.c:464\n ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148\n ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39982",
"url": "https://www.suse.com/security/cve/CVE-2025-39982"
},
{
"category": "external",
"summary": "SUSE Bug 1252083 for CVE-2025-39982",
"url": "https://bugzilla.suse.com/1252083"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39982"
},
{
"cve": "CVE-2025-39985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39985"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the mcba_usb driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, mcba_usb_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on these lines:\n\n\tusb_msg.dlc = cf-\u003elen;\n\n\tmemcpy(usb_msg.data, cf-\u003edata, usb_msg.dlc);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39985",
"url": "https://www.suse.com/security/cve/CVE-2025-39985"
},
{
"category": "external",
"summary": "SUSE Bug 1252082 for CVE-2025-39985",
"url": "https://bugzilla.suse.com/1252082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39985"
},
{
"cve": "CVE-2025-39986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39986"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, sun4ican_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN frame.\n\nThis can result in a buffer overflow. The driver will consume cf-\u003elen\nas-is with no further checks on this line:\n\n\tdlc = cf-\u003elen;\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs a\ncouple line below when doing:\n\n\tfor (i = 0; i \u003c dlc; i++)\n\t\twritel(cf-\u003edata[i], priv-\u003ebase + (dreg + i * 4));\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39986",
"url": "https://www.suse.com/security/cve/CVE-2025-39986"
},
{
"category": "external",
"summary": "SUSE Bug 1252078 for CVE-2025-39986",
"url": "https://bugzilla.suse.com/1252078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39986"
},
{
"cve": "CVE-2025-39987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39987"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the sun4i_can driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL))\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, hi3110_hard_start_xmit() receives a CAN XL frame which it is\nnot able to correctly handle and will thus misinterpret it as a CAN\nframe. The driver will consume frame-\u003elen as-is with no further\nchecks.\n\nThis can result in a buffer overflow later on in hi3110_hw_tx() on\nthis line:\n\n\tmemcpy(buf + HI3110_FIFO_EXT_DATA_OFF,\n\t frame-\u003edata, frame-\u003elen);\n\nHere, frame-\u003elen corresponds to the flags field of the CAN XL frame.\nIn our previous example, we set canxl_frame-\u003eflags to 0xff. Because\nthe maximum expected length is 8, a buffer overflow of 247 bytes\noccurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU. By\nfixing the root cause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39987",
"url": "https://www.suse.com/security/cve/CVE-2025-39987"
},
{
"category": "external",
"summary": "SUSE Bug 1252079 for CVE-2025-39987",
"url": "https://bugzilla.suse.com/1252079"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39987"
},
{
"cve": "CVE-2025-39988",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39988"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow\n\nSending an PF_PACKET allows to bypass the CAN framework logic and to\ndirectly reach the xmit() function of a CAN driver. The only check\nwhich is performed by the PF_PACKET framework is to make sure that\nskb-\u003elen fits the interface\u0027s MTU.\n\nUnfortunately, because the etas_es58x driver does not populate its\nnet_device_ops-\u003endo_change_mtu(), it is possible for an attacker to\nconfigure an invalid MTU by doing, for example:\n\n $ ip link set can0 mtu 9999\n\nAfter doing so, the attacker could open a PF_PACKET socket using the\nETH_P_CANXL protocol:\n\n\tsocket(PF_PACKET, SOCK_RAW, htons(ETH_P_CANXL));\n\nto inject a malicious CAN XL frames. For example:\n\n\tstruct canxl_frame frame = {\n\t\t.flags = 0xff,\n\t\t.len = 2048,\n\t};\n\nThe CAN drivers\u0027 xmit() function are calling can_dev_dropped_skb() to\ncheck that the skb is valid, unfortunately under above conditions, the\nmalicious packet is able to go through can_dev_dropped_skb() checks:\n\n 1. the skb-\u003eprotocol is set to ETH_P_CANXL which is valid (the\n function does not check the actual device capabilities).\n\n 2. the length is a valid CAN XL length.\n\nAnd so, es58x_start_xmit() receives a CAN XL frame which it is not\nable to correctly handle and will thus misinterpret it as a CAN(FD)\nframe.\n\nThis can result in a buffer overflow. For example, using the es581.4\nvariant, the frame will be dispatched to es581_4_tx_can_msg(), go\nthrough the last check at the beginning of this function:\n\n\tif (can_is_canfd_skb(skb))\n\t\treturn -EMSGSIZE;\n\nand reach this line:\n\n\tmemcpy(tx_can_msg-\u003edata, cf-\u003edata, cf-\u003elen);\n\nHere, cf-\u003elen corresponds to the flags field of the CAN XL frame. In\nour previous example, we set canxl_frame-\u003eflags to 0xff. Because the\nmaximum expected length is 8, a buffer overflow of 247 bytes occurs!\n\nPopulate net_device_ops-\u003endo_change_mtu() to ensure that the\ninterface\u0027s MTU can not be set to anything bigger than CAN_MTU or\nCANFD_MTU (depending on the device capabilities). By fixing the root\ncause, this prevents the buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39988",
"url": "https://www.suse.com/security/cve/CVE-2025-39988"
},
{
"category": "external",
"summary": "SUSE Bug 1252074 for CVE-2025-39988",
"url": "https://bugzilla.suse.com/1252074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39988"
},
{
"cve": "CVE-2025-39991",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39991"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()\n\nIf ab-\u003efw.m3_data points to data, then fw pointer remains null.\nFurther, if m3_mem is not allocated, then fw is dereferenced to be\npassed to ath11k_err function.\n\nReplace fw-\u003esize by m3_len.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39991",
"url": "https://www.suse.com/security/cve/CVE-2025-39991"
},
{
"category": "external",
"summary": "SUSE Bug 1252075 for CVE-2025-39991",
"url": "https://bugzilla.suse.com/1252075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39991"
},
{
"cve": "CVE-2025-39993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39993",
"url": "https://www.suse.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "SUSE Bug 1252070 for CVE-2025-39993",
"url": "https://bugzilla.suse.com/1252070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39993"
},
{
"cve": "CVE-2025-39994",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39994"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: tuner: xc5000: Fix use-after-free in xc5000_release\n\nThe original code uses cancel_delayed_work() in xc5000_release(), which\ndoes not guarantee that the delayed work item timer_sleep has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere xc5000_release() may free the xc5000_priv while timer_sleep is still\nactive and attempts to dereference the xc5000_priv.\n\nA typical race condition is illustrated below:\n\nCPU 0 (release thread) | CPU 1 (delayed work callback)\nxc5000_release() | xc5000_do_timer_sleep()\n cancel_delayed_work() |\n hybrid_tuner_release_state(priv) |\n kfree(priv) |\n | priv = container_of() // UAF\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the timer_sleep is properly canceled before the xc5000_priv memory\nis deallocated.\n\nA deadlock concern was considered: xc5000_release() is called in a process\ncontext and is not holding any locks that the timer_sleep work item might\nalso need. Therefore, the use of the _sync() variant is safe here.\n\nThis bug was initially identified through static analysis.\n\n[hverkuil: fix typo in Subject: tunner -\u003e tuner]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39994",
"url": "https://www.suse.com/security/cve/CVE-2025-39994"
},
{
"category": "external",
"summary": "SUSE Bug 1252072 for CVE-2025-39994",
"url": "https://bugzilla.suse.com/1252072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39994"
},
{
"cve": "CVE-2025-39995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n\nThe state-\u003etimer is a cyclic timer that schedules work_i2c_poll and\ndelayed_work_enable_hotplug, while rearming itself. Using timer_delete()\nfails to guarantee the timer isn\u0027t still running when destroyed, similarly\ncancel_delayed_work() cannot ensure delayed_work_enable_hotplug has\nterminated if already executing. During probe failure after timer\ninitialization, these may continue running as orphans and reference the\nalready-freed tc358743_state object through tc358743_irq_poll_timer.\n\nThe following is the trace captured by KASAN.\n\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff88800ded83c8 by task swapper/1/0\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __pfx_sched_balance_find_src_group+0x10/0x10\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? rcu_sched_clock_irq+0xb06/0x27d0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? try_to_wake_up+0xb15/0x1960\n ? tmigr_update_events+0x280/0x740\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n tmigr_handle_remote_up+0x603/0x7e0\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n ? sched_balance_trigger+0x98/0x9f0\n ? sched_tick+0x221/0x5a0\n ? _raw_spin_lock_irq+0x80/0xe0\n ? __pfx__raw_spin_lock_irq+0x10/0x10\n ? tick_nohz_handler+0x339/0x440\n ? __pfx_tmigr_handle_remote_up+0x10/0x10\n __walk_groups.isra.0+0x42/0x150\n tmigr_handle_remote+0x1f4/0x2e0\n ? __pfx_tmigr_handle_remote+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n ? hrtimer_interrupt+0x322/0x780\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_node_track_caller_noprof+0x198/0x430\n devm_kmalloc+0x7b/0x1e0\n tc358743_probe+0xb7/0x610 i2c_device_probe+0x51d/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nFreed by task 141:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n release_nodes+0xa4/0x100\n devres_release_group+0x1b2/0x380\n i2c_device_probe+0x694/0x880\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __device_attach_driver+0x174/0x220\n bus_for_each_drv+0x100/0x190\n __device_attach+0x206/0x370\n bus_probe_device+0x123/0x170\n device_add+0xd25/0x1470\n i2c_new_client_device+0x7a0/0xcd0\n do_one_initcall+0x89/0x300\n do_init_module+0x29d/0x7f0\n load_module+0x4f48/0x69e0\n init_module_from_file+0xe4/0x150\n idempotent_init_module+0x320/0x670\n __x64_sys_finit_module+0xbd/0x120\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace timer_delete() with timer_delete_sync() and cancel_delayed_work()\nwith cancel_delayed_work_sync() to ensure proper termination of timer and\nwork items before resource cleanup.\n\nThis bug was initially identified through static analysis. For reproduction\nand testing, I created a functional emulation of the tc358743 device via a\nkernel module and introduced faults through the debugfs interface.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39995",
"url": "https://www.suse.com/security/cve/CVE-2025-39995"
},
{
"category": "external",
"summary": "SUSE Bug 1252064 for CVE-2025-39995",
"url": "https://bugzilla.suse.com/1252064"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39995"
},
{
"cve": "CVE-2025-39996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39996"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n\nThe original code uses cancel_delayed_work() in flexcop_pci_remove(), which\ndoes not guarantee that the delayed work item irq_check_work has fully\ncompleted if it was already running. This leads to use-after-free scenarios\nwhere flexcop_pci_remove() may free the flexcop_device while irq_check_work\nis still active and attempts to dereference the device.\n\nA typical race condition is illustrated below:\n\nCPU 0 (remove) | CPU 1 (delayed work callback)\nflexcop_pci_remove() | flexcop_pci_irq_check_work()\n cancel_delayed_work() |\n flexcop_device_kfree(fc_pci-\u003efc_dev) |\n | fc = fc_pci-\u003efc_dev; // UAF\n\nThis is confirmed by a KASAN report:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in __run_timer_base.part.0+0x7d7/0x8c0\nWrite of size 8 at addr ffff8880093aa8c8 by task bash/135\n...\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x55/0x70\n print_report+0xcf/0x610\n ? __run_timer_base.part.0+0x7d7/0x8c0\n kasan_report+0xb8/0xf0\n ? __run_timer_base.part.0+0x7d7/0x8c0\n __run_timer_base.part.0+0x7d7/0x8c0\n ? __pfx___run_timer_base.part.0+0x10/0x10\n ? __pfx_read_tsc+0x10/0x10\n ? ktime_get+0x60/0x140\n ? lapic_next_event+0x11/0x20\n ? clockevents_program_event+0x1d4/0x2a0\n run_timer_softirq+0xd1/0x190\n handle_softirqs+0x16a/0x550\n irq_exit_rcu+0xaf/0xe0\n sysvec_apic_timer_interrupt+0x70/0x80\n \u003c/IRQ\u003e\n...\n\nAllocated by task 1:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x7f/0x90\n __kmalloc_noprof+0x1be/0x460\n flexcop_device_kmalloc+0x54/0xe0\n flexcop_pci_probe+0x1f/0x9d0\n local_pci_probe+0xdc/0x190\n pci_device_probe+0x2fe/0x470\n really_probe+0x1ca/0x5c0\n __driver_probe_device+0x248/0x310\n driver_probe_device+0x44/0x120\n __driver_attach+0xd2/0x310\n bus_for_each_dev+0xed/0x170\n bus_add_driver+0x208/0x500\n driver_register+0x132/0x460\n do_one_initcall+0x89/0x300\n kernel_init_freeable+0x40d/0x720\n kernel_init+0x1a/0x150\n ret_from_fork+0x10c/0x1a0\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 135:\n kasan_save_stack+0x24/0x50\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3a/0x60\n __kasan_slab_free+0x3f/0x50\n kfree+0x137/0x370\n flexcop_device_kfree+0x32/0x50\n pci_device_remove+0xa6/0x1d0\n device_release_driver_internal+0xf8/0x210\n pci_stop_bus_device+0x105/0x150\n pci_stop_and_remove_bus_device_locked+0x15/0x30\n remove_store+0xcc/0xe0\n kernfs_fop_write_iter+0x2c3/0x440\n vfs_write+0x871/0xd70\n ksys_write+0xee/0x1c0\n do_syscall_64+0xac/0x280\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n...\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing delayed\nwork has finished before the device memory is deallocated.\n\nThis bug was initially identified through static analysis. To reproduce\nand test it, I simulated the B2C2 FlexCop PCI device in QEMU and introduced\nartificial delays within the flexcop_pci_irq_check_work() function to\nincrease the likelihood of triggering the bug.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39996",
"url": "https://www.suse.com/security/cve/CVE-2025-39996"
},
{
"category": "external",
"summary": "SUSE Bug 1252065 for CVE-2025-39996",
"url": "https://bugzilla.suse.com/1252065"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39996"
},
{
"cve": "CVE-2025-39997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39997"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free\n\nThe previous commit 0718a78f6a9f (\"ALSA: usb-audio: Kill timer properly at\nremoval\") patched a UAF issue caused by the error timer.\n\nHowever, because the error timer kill added in this patch occurs after the\nendpoint delete, a race condition to UAF still occurs, albeit rarely.\n\nAdditionally, since kill-cleanup for urb is also missing, freed memory can\nbe accessed in interrupt context related to urb, which can cause UAF.\n\nTherefore, to prevent this, error timer and urb must be killed before\nfreeing the heap memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39997",
"url": "https://www.suse.com/security/cve/CVE-2025-39997"
},
{
"category": "external",
"summary": "SUSE Bug 1252056 for CVE-2025-39997",
"url": "https://bugzilla.suse.com/1252056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-39997"
},
{
"cve": "CVE-2025-40000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()\n\nThere is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to\naccess already freed skb_data:\n\n BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n\n CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025\n Workqueue: events_unbound cfg80211_wiphy_work [cfg80211]\n\n Use-after-free write at 0x0000000020309d9d (in kfence-#251):\n rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache\n\n allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago):\n __alloc_skb net/core/skbuff.c:659\n __netdev_alloc_skb net/core/skbuff.c:734\n ieee80211_nullfunc_get net/mac80211/tx.c:5844\n rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431\n rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338\n rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979\n rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165\n rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194\n rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012\n rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059\n rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758\n process_one_work kernel/workqueue.c:3241\n worker_thread kernel/workqueue.c:3400\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\n freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago):\n ieee80211_tx_status_skb net/mac80211/status.c:1117\n rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564\n rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651\n rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676\n rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238\n __napi_poll net/core/dev.c:7495\n net_rx_action net/core/dev.c:7557 net/core/dev.c:7684\n handle_softirqs kernel/softirq.c:580\n do_softirq.part.0 kernel/softirq.c:480\n __local_bh_enable_ip kernel/softirq.c:407\n rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927\n irq_thread_fn kernel/irq/manage.c:1133\n irq_thread kernel/irq/manage.c:1257\n kthread kernel/kthread.c:463\n ret_from_fork arch/x86/kernel/process.c:154\n ret_from_fork_asm arch/x86/entry/entry_64.S:258\n\nIt is a consequence of a race between the waiting and the signaling side\nof the completion:\n\n Waiting thread Completing thread\n\nrtw89_core_tx_kick_off_and_wait()\n rcu_assign_pointer(skb_data-\u003ewait, wait)\n /* start waiting */\n wait_for_completion_timeout()\n rtw89_pci_tx_status()\n rtw89_core_tx_wait_complete()\n rcu_read_lock()\n /* signals completion and\n \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40000",
"url": "https://www.suse.com/security/cve/CVE-2025-40000"
},
{
"category": "external",
"summary": "SUSE Bug 1252062 for CVE-2025-40000",
"url": "https://bugzilla.suse.com/1252062"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40000"
},
{
"cve": "CVE-2025-40005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40005"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-quadspi: Implement refcount to handle unbind during busy\n\ndriver support indirect read and indirect write operation with\nassumption no force device removal(unbind) operation. However\nforce device removal(removal) is still available to root superuser.\n\nUnbinding driver during operation causes kernel crash. This changes\nensure driver able to handle such operation for indirect read and\nindirect write by implementing refcount to track attached devices\nto the controller and gracefully wait and until attached devices\nremove operation completed before proceed with removal operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40005",
"url": "https://www.suse.com/security/cve/CVE-2025-40005"
},
{
"category": "external",
"summary": "SUSE Bug 1252349 for CVE-2025-40005",
"url": "https://bugzilla.suse.com/1252349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40005"
},
{
"cve": "CVE-2025-40010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40010"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix potential null pointer dereference in afs_put_server\n\nafs_put_server() accessed server-\u003edebug_id before the NULL check, which\ncould lead to a null pointer dereference. Move the debug_id assignment,\nensuring we never dereference a NULL server pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40010",
"url": "https://www.suse.com/security/cve/CVE-2025-40010"
},
{
"category": "external",
"summary": "SUSE Bug 1252332 for CVE-2025-40010",
"url": "https://bugzilla.suse.com/1252332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40010"
},
{
"cve": "CVE-2025-40011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40011"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix null dereference in hdmi teardown\n\npci_set_drvdata sets the value of pdev-\u003edriver_data to NULL,\nafter which the driver_data obtained from the same dev is\ndereferenced in oaktrail_hdmi_i2c_exit, and the i2c_dev is\nextracted from it. To prevent this, swap these calls.\n\nFound by Linux Verification Center (linuxtesting.org) with Svacer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40011",
"url": "https://www.suse.com/security/cve/CVE-2025-40011"
},
{
"category": "external",
"summary": "SUSE Bug 1252336 for CVE-2025-40011",
"url": "https://bugzilla.suse.com/1252336"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40011"
},
{
"cve": "CVE-2025-40013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40013"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: audioreach: fix potential null pointer dereference\n\nIt is possible that the topology parsing function\naudioreach_widget_load_module_common() could return NULL or an error\npointer. Add missing NULL check so that we do not dereference it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40013",
"url": "https://www.suse.com/security/cve/CVE-2025-40013"
},
{
"category": "external",
"summary": "SUSE Bug 1252348 for CVE-2025-40013",
"url": "https://bugzilla.suse.com/1252348"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40013"
},
{
"cve": "CVE-2025-40016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nIf we add a new entity with id 0 or a duplicated ID, it will be marked\nas UVC_INVALID_ENTITY_ID.\n\nIn a previous attempt commit 3dd075fe8ebb (\"media: uvcvideo: Require\nentities to have a non-zero unique ID\"), we ignored all the invalid units,\nthis broke a lot of non-compatible cameras. Hopefully we are more lucky\nthis time.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device \u003cunnamed\u003e (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 \u003c0f\u003e 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] \u003cTASK\u003e\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40016",
"url": "https://www.suse.com/security/cve/CVE-2025-40016"
},
{
"category": "external",
"summary": "SUSE Bug 1252346 for CVE-2025-40016",
"url": "https://bugzilla.suse.com/1252346"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "low"
}
],
"title": "CVE-2025-40016"
},
{
"cve": "CVE-2025-40018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40018"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvs: Defer ip_vs_ftp unregister during netns cleanup\n\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp-\u003eapp pointers are flushed, leading to a\nuse-after-free.\n\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40018",
"url": "https://www.suse.com/security/cve/CVE-2025-40018"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1252688 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252688"
},
{
"category": "external",
"summary": "SUSE Bug 1252689 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1252689"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-40018",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2025-40018"
},
{
"cve": "CVE-2025-40019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40019"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: essiv - Check ssize for decryption and in-place encryption\n\nMove the ssize check to the start in essiv_aead_crypt so that\nit\u0027s also checked for decryption and in-place encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40019",
"url": "https://www.suse.com/security/cve/CVE-2025-40019"
},
{
"category": "external",
"summary": "SUSE Bug 1252678 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252678"
},
{
"category": "external",
"summary": "SUSE Bug 1252719 for CVE-2025-40019",
"url": "https://bugzilla.suse.com/1252719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "important"
}
],
"title": "CVE-2025-40019"
},
{
"cve": "CVE-2025-40020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40020"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix shift-out-of-bounds issue\n\nExplicitly uses a 64-bit constant when the number of bits used for its\nshifting is 32 (which is the case for PC CAN FD interfaces supported by\nthis driver).\n\n[mkl: update subject, apply manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40020",
"url": "https://www.suse.com/security/cve/CVE-2025-40020"
},
{
"category": "external",
"summary": "SUSE Bug 1252679 for CVE-2025-40020",
"url": "https://bugzilla.suse.com/1252679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40020"
},
{
"cve": "CVE-2025-40029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40029"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: Check return value of platform_get_resource()\n\nplatform_get_resource() returns NULL in case of failure, so check its\nreturn value and propagate the error in order to prevent NULL pointer\ndereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40029",
"url": "https://www.suse.com/security/cve/CVE-2025-40029"
},
{
"category": "external",
"summary": "SUSE Bug 1252772 for CVE-2025-40029",
"url": "https://bugzilla.suse.com/1252772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40029"
},
{
"cve": "CVE-2025-40032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40032"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release\n\nThe fields dma_chan_tx and dma_chan_rx of the struct pci_epf_test can be\nNULL even after EPF initialization. Then it is prudent to check that\nthey have non-NULL values before releasing the channels. Add the checks\nin pci_epf_test_clean_dma_chan().\n\nWithout the checks, NULL pointer dereferences happen and they can lead\nto a kernel panic in some cases:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050\n Call trace:\n dma_release_channel+0x2c/0x120 (P)\n pci_epf_test_epc_deinit+0x94/0xc0 [pci_epf_test]\n pci_epc_deinit_notify+0x74/0xc0\n tegra_pcie_ep_pex_rst_irq+0x250/0x5d8\n irq_thread_fn+0x34/0xb8\n irq_thread+0x18c/0x2e8\n kthread+0x14c/0x210\n ret_from_fork+0x10/0x20\n\n[mani: trimmed the stack trace]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40032",
"url": "https://www.suse.com/security/cve/CVE-2025-40032"
},
{
"category": "external",
"summary": "SUSE Bug 1252841 for CVE-2025-40032",
"url": "https://bugzilla.suse.com/1252841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40032"
},
{
"cve": "CVE-2025-40035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n\nStruct ff_effect_compat is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\n\nInitialize ff_up_compat to zero before filling valid fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40035",
"url": "https://www.suse.com/security/cve/CVE-2025-40035"
},
{
"category": "external",
"summary": "SUSE Bug 1252866 for CVE-2025-40035",
"url": "https://bugzilla.suse.com/1252866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40035"
},
{
"cve": "CVE-2025-40036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40036"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: fastrpc: fix possible map leak in fastrpc_put_args\n\ncopy_to_user() failure would cause an early return without cleaning up\nthe fdlist, which has been updated by the DSP. This could lead to map\nleak. Fix this by redirecting to a cleanup path on failure, ensuring\nthat all mapped buffers are properly released before returning.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40036",
"url": "https://www.suse.com/security/cve/CVE-2025-40036"
},
{
"category": "external",
"summary": "SUSE Bug 1252865 for CVE-2025-40036",
"url": "https://bugzilla.suse.com/1252865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40036"
},
{
"cve": "CVE-2025-40043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Add parameter validation for packet data\n\nSyzbot reported an uninitialized value bug in nci_init_req, which was\nintroduced by commit 5aca7966d2a7 (\"Merge tag\n\u0027perf-tools-fixes-for-v6.17-2025-09-16\u0027 of\ngit://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools\").\n\nThis bug arises due to very limited and poor input validation\nthat was done at nic_valid_size(). This validation only\nvalidates the skb-\u003elen (directly reflects size provided at the\nuserspace interface) with the length provided in the buffer\nitself (interpreted as NCI_HEADER). This leads to the processing\nof memory content at the address assuming the correct layout\nper what opcode requires there. This leads to the accesses to\nbuffer of `skb_buff-\u003edata` which is not assigned anything yet.\n\nFollowing the same silent drop of packets of invalid sizes at\n`nic_valid_size()`, add validation of the data in the respective\nhandlers and return error values in case of failure. Release\nthe skb if error values are returned from handlers in\n`nci_nft_packet` and effectively do a silent drop\n\nPossible TODO: because we silently drop the packets, the\ncall to `nci_request` will be waiting for completion of request\nand will face timeouts. These timeouts can get excessively logged\nin the dmesg. A proper handling of them may require to export\n`nci_request_cancel` (or propagate error handling from the\nnft packets handlers).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40043",
"url": "https://www.suse.com/security/cve/CVE-2025-40043"
},
{
"category": "external",
"summary": "SUSE Bug 1252787 for CVE-2025-40043",
"url": "https://bugzilla.suse.com/1252787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40043"
},
{
"cve": "CVE-2025-40044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40044"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: udf: fix OOB read in lengthAllocDescs handling\n\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\n\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\n\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\n udf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\n udf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\n extent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\n udf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\n udf_release_file+0xc1/0x120 fs/udf/file.c:185\n __fput+0x23f/0x880 fs/file_table.c:431\n task_work_run+0x24f/0x310 kernel/task_work.c:239\n exit_task_work include/linux/task_work.h:43 [inline]\n do_exit+0xa2f/0x28e0 kernel/exit.c:939\n do_group_exit+0x207/0x2c0 kernel/exit.c:1088\n __do_sys_exit_group kernel/exit.c:1099 [inline]\n __se_sys_exit_group kernel/exit.c:1097 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\n x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n \u003c/TASK\u003e\n\nValidate the computed total length against epos-\u003ebh-\u003eb_size.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40044",
"url": "https://www.suse.com/security/cve/CVE-2025-40044"
},
{
"category": "external",
"summary": "SUSE Bug 1252785 for CVE-2025-40044",
"url": "https://bugzilla.suse.com/1252785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40044"
},
{
"cve": "CVE-2025-40049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: fix uninit-value in squashfs_get_parent\n\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\n\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number. In particular the inode number\nis that of a symbolic link, rather than a directory.\n\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\n\n\tunsigned int parent_ino = squashfs_i(inode)-\u003eparent;\n\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\n\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\n\nRegular inodes used to share the parent field with the block_list_start\nfield. This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40049",
"url": "https://www.suse.com/security/cve/CVE-2025-40049"
},
{
"category": "external",
"summary": "SUSE Bug 1252822 for CVE-2025-40049",
"url": "https://bugzilla.suse.com/1252822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40049"
},
{
"cve": "CVE-2025-40051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40051"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Modify the return value check\n\nThe return value of copy_from_iter and copy_to_iter can\u0027t be negative,\ncheck whether the copied lengths are equal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40051",
"url": "https://www.suse.com/security/cve/CVE-2025-40051"
},
{
"category": "external",
"summary": "SUSE Bug 1252858 for CVE-2025-40051",
"url": "https://bugzilla.suse.com/1252858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40051"
},
{
"cve": "CVE-2025-40052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40052"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix crypto buffers in non-linear memory\n\nThe crypto API, through the scatterlist API, expects input buffers to be\nin linear memory. We handle this with the cifs_sg_set_buf() helper\nthat converts vmalloc\u0027d memory to their corresponding pages.\n\nHowever, when we allocate our aead_request buffer (@creq in\nsmb2ops.c::crypt_message()), we do so with kvzalloc(), which possibly\nputs aead_request-\u003e__ctx in vmalloc area.\n\nAEAD algorithm then uses -\u003e__ctx for its private/internal data and\noperations, and uses sg_set_buf() for such data on a few places.\n\nThis works fine as long as @creq falls into kmalloc zone (small\nrequests) or vmalloc\u0027d memory is still within linear range.\n\nTasks\u0027 stacks are vmalloc\u0027d by default (CONFIG_VMAP_STACK=y), so too\nmany tasks will increment the base stacks\u0027 addresses to a point where\nvirt_addr_valid(buf) will fail (BUG() in sg_set_buf()) when that\nhappens.\n\nIn practice: too many parallel reads and writes on an encrypted mount\nwill trigger this bug.\n\nTo fix this, always alloc @creq with kmalloc() instead.\nAlso drop the @sensitive_size variable/arguments since\nkfree_sensitive() doesn\u0027t need it.\n\nBacktrace:\n\n[ 945.272081] ------------[ cut here ]------------\n[ 945.272774] kernel BUG at include/linux/scatterlist.h:209!\n[ 945.273520] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI\n[ 945.274412] CPU: 7 UID: 0 PID: 56 Comm: kworker/u33:0 Kdump: loaded Not tainted 6.15.0-lku-11779-g8e9d6efccdd7-dirty #1 PREEMPT(voluntary)\n[ 945.275736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\n[ 945.276877] Workqueue: writeback wb_workfn (flush-cifs-2)\n[ 945.277457] RIP: 0010:crypto_gcm_init_common+0x1f9/0x220\n[ 945.278018] Code: b0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 48 c7 c0 00 00 00 80 48 2b 05 5c 58 e5 00 e9 58 ff ff ff \u003c0f\u003e 0b 0f 0b 0f 0b 0f 0b 0f 0b 0f 0b 48 c7 04 24 01 00 00 00 48 8b\n[ 945.279992] RSP: 0018:ffffc90000a27360 EFLAGS: 00010246\n[ 945.280578] RAX: 0000000000000000 RBX: ffffc90001d85060 RCX: 0000000000000030\n[ 945.281376] RDX: 0000000000080000 RSI: 0000000000000000 RDI: ffffc90081d85070\n[ 945.282145] RBP: ffffc90001d85010 R08: ffffc90001d85000 R09: 0000000000000000\n[ 945.282898] R10: ffffc90001d85090 R11: 0000000000001000 R12: ffffc90001d85070\n[ 945.283656] R13: ffff888113522948 R14: ffffc90001d85060 R15: ffffc90001d85010\n[ 945.284407] FS: 0000000000000000(0000) GS:ffff8882e66cf000(0000) knlGS:0000000000000000\n[ 945.285262] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 945.285884] CR2: 00007fa7ffdd31f4 CR3: 000000010540d000 CR4: 0000000000350ef0\n[ 945.286683] Call Trace:\n[ 945.286952] \u003cTASK\u003e\n[ 945.287184] ? crypt_message+0x33f/0xad0 [cifs]\n[ 945.287719] crypto_gcm_encrypt+0x36/0xe0\n[ 945.288152] crypt_message+0x54a/0xad0 [cifs]\n[ 945.288724] smb3_init_transform_rq+0x277/0x300 [cifs]\n[ 945.289300] smb_send_rqst+0xa3/0x160 [cifs]\n[ 945.289944] cifs_call_async+0x178/0x340 [cifs]\n[ 945.290514] ? __pfx_smb2_writev_callback+0x10/0x10 [cifs]\n[ 945.291177] smb2_async_writev+0x3e3/0x670 [cifs]\n[ 945.291759] ? find_held_lock+0x32/0x90\n[ 945.292212] ? netfs_advance_write+0xf2/0x310\n[ 945.292723] netfs_advance_write+0xf2/0x310\n[ 945.293210] netfs_write_folio+0x346/0xcc0\n[ 945.293689] ? __pfx__raw_spin_unlock_irq+0x10/0x10\n[ 945.294250] netfs_writepages+0x117/0x460\n[ 945.294724] do_writepages+0xbe/0x170\n[ 945.295152] ? find_held_lock+0x32/0x90\n[ 945.295600] ? kvm_sched_clock_read+0x11/0x20\n[ 945.296103] __writeback_single_inode+0x56/0x4b0\n[ 945.296643] writeback_sb_inodes+0x229/0x550\n[ 945.297140] __writeback_inodes_wb+0x4c/0xe0\n[ 945.297642] wb_writeback+0x2f1/0x3f0\n[ 945.298069] wb_workfn+0x300/0x490\n[ 945.298472] process_one_work+0x1fe/0x590\n[ 945.298949] worker_thread+0x1ce/0x3c0\n[ 945.299397] ? __pfx_worker_thread+0x10/0x10\n[ 945.299900] kthr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40052",
"url": "https://www.suse.com/security/cve/CVE-2025-40052"
},
{
"category": "external",
"summary": "SUSE Bug 1252851 for CVE-2025-40052",
"url": "https://bugzilla.suse.com/1252851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40052"
},
{
"cve": "CVE-2025-40056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost: vringh: Fix copy_to_iter return value check\n\nThe return value of copy_to_iter can\u0027t be negative, check whether the\ncopied length is equal to the requested length instead of checking for\nnegative values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40056",
"url": "https://www.suse.com/security/cve/CVE-2025-40056"
},
{
"category": "external",
"summary": "SUSE Bug 1252826 for CVE-2025-40056",
"url": "https://bugzilla.suse.com/1252826"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40056"
},
{
"cve": "CVE-2025-40058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Disallow dirty tracking if incoherent page walk\n\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn\u0027t work.\n\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\n in a paging-structure entry that is not snooped will result in a non-\n recoverable fault.\"\n\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40058",
"url": "https://www.suse.com/security/cve/CVE-2025-40058"
},
{
"category": "external",
"summary": "SUSE Bug 1252854 for CVE-2025-40058",
"url": "https://bugzilla.suse.com/1252854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40058"
},
{
"cve": "CVE-2025-40060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: trbe: Return NULL pointer for allocation failures\n\nWhen the TRBE driver fails to allocate a buffer, it currently returns\nthe error code \"-ENOMEM\". However, the caller etm_setup_aux() only\nchecks for a NULL pointer, so it misses the error. As a result, the\ndriver continues and eventually causes a kernel panic.\n\nFix this by returning a NULL pointer from arm_trbe_alloc_buffer() on\nallocation failures. This allows that the callers can properly handle\nthe failure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40060",
"url": "https://www.suse.com/security/cve/CVE-2025-40060"
},
{
"category": "external",
"summary": "SUSE Bug 1252848 for CVE-2025-40060",
"url": "https://bugzilla.suse.com/1252848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40060"
},
{
"cve": "CVE-2025-40061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix race in do_task() when draining\n\nWhen do_task() exhausts its iteration budget (!ret), it sets the state\nto TASK_STATE_IDLE to reschedule, without a secondary check on the\ncurrent task-\u003estate. This can overwrite the TASK_STATE_DRAINING state\nset by a concurrent call to rxe_cleanup_task() or rxe_disable_task().\n\nWhile state changes are protected by a spinlock, both rxe_cleanup_task()\nand rxe_disable_task() release the lock while waiting for the task to\nfinish draining in the while(!is_done(task)) loop. The race occurs if\ndo_task() hits its iteration limit and acquires the lock in this window.\nThe cleanup logic may then proceed while the task incorrectly\nreschedules itself, leading to a potential use-after-free.\n\nThis bug was introduced during the migration from tasklets to workqueues,\nwhere the special handling for the draining case was lost.\n\nFix this by restoring the original pre-migration behavior. If the state is\nTASK_STATE_DRAINING when iterations are exhausted, set cont to 1 to\nforce a new loop iteration. This allows the task to finish its work, so\nthat a subsequent iteration can reach the switch statement and correctly\ntransition the state to TASK_STATE_DRAINED, stopping the task as intended.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40061",
"url": "https://www.suse.com/security/cve/CVE-2025-40061"
},
{
"category": "external",
"summary": "SUSE Bug 1252849 for CVE-2025-40061",
"url": "https://bugzilla.suse.com/1252849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40061"
},
{
"cve": "CVE-2025-40062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40062"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: hisilicon/qm - set NULL to qm-\u003edebug.qm_diff_regs\n\nWhen the initialization of qm-\u003edebug.acc_diff_reg fails,\nthe probe process does not exit. However, after qm-\u003edebug.qm_diff_regs is\nfreed, it is not set to NULL. This can lead to a double free when the\nremove process attempts to free it again. Therefore, qm-\u003edebug.qm_diff_regs\nshould be set to NULL after it is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40062",
"url": "https://www.suse.com/security/cve/CVE-2025-40062"
},
{
"category": "external",
"summary": "SUSE Bug 1252850 for CVE-2025-40062",
"url": "https://bugzilla.suse.com/1252850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40062"
},
{
"cve": "CVE-2025-40071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: Don\u0027t block input queue by waiting MSC\n\nCurrently gsm_queue() processes incoming frames and when opening\na DLC channel it calls gsm_dlci_open() which calls gsm_modem_update().\nIf basic mode is used it calls gsm_modem_upd_via_msc() and it\ncannot block the input queue by waiting the response to come\ninto the same input queue.\n\nInstead allow sending Modem Status Command without waiting for remote\nend to respond. Define a new function gsm_modem_send_initial_msc()\nfor this purpose. As MSC is only valid for basic encoding, it does\nnot do anything for advanced or when convergence layer type 2 is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40071",
"url": "https://www.suse.com/security/cve/CVE-2025-40071"
},
{
"category": "external",
"summary": "SUSE Bug 1252797 for CVE-2025-40071",
"url": "https://bugzilla.suse.com/1252797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40071"
},
{
"cve": "CVE-2025-40078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Explicitly check accesses to bpf_sock_addr\n\nSyzkaller found a kernel warning on the following sock_addr program:\n\n 0: r0 = 0\n 1: r2 = *(u32 *)(r1 +60)\n 2: exit\n\nwhich triggers:\n\n verifier bug: error during ctx access conversion (0)\n\nThis is happening because offset 60 in bpf_sock_addr corresponds to an\nimplicit padding of 4 bytes, right after msg_src_ip4. Access to this\npadding isn\u0027t rejected in sock_addr_is_valid_access and it thus later\nfails to convert the access.\n\nThis patch fixes it by explicitly checking the various fields of\nbpf_sock_addr in sock_addr_is_valid_access.\n\nI checked the other ctx structures and is_valid_access functions and\ndidn\u0027t find any other similar cases. Other cases of (properly handled)\npadding are covered in new tests in a subsequent patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40078",
"url": "https://www.suse.com/security/cve/CVE-2025-40078"
},
{
"category": "external",
"summary": "SUSE Bug 1252789 for CVE-2025-40078",
"url": "https://bugzilla.suse.com/1252789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40078"
},
{
"cve": "CVE-2025-40080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: restrict sockets to TCP and UDP\n\nRecently, syzbot started to abuse NBD with all kinds of sockets.\n\nCommit cf1b2326b734 (\"nbd: verify socket is supported during setup\")\nmade sure the socket supported a shutdown() method.\n\nExplicitely accept TCP and UNIX stream sockets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40080",
"url": "https://www.suse.com/security/cve/CVE-2025-40080"
},
{
"category": "external",
"summary": "SUSE Bug 1252774 for CVE-2025-40080",
"url": "https://bugzilla.suse.com/1252774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40080"
},
{
"cve": "CVE-2025-40082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n\nBUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\nRead of size 2 at addr ffff8880289ef218 by task syz.6.248/14290\n\nCPU: 0 UID: 0 PID: 14290 Comm: syz.6.248 Not tainted 6.16.4 #1 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1b0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x5f0 mm/kasan/report.c:482\n kasan_report+0xca/0x100 mm/kasan/report.c:595\n hfsplus_uni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186\n hfsplus_listxattr+0x5b6/0xbd0 fs/hfsplus/xattr.c:738\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe0e9fae16d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fe0eae67f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3\nRAX: ffffffffffffffda RBX: 00007fe0ea205fa0 RCX: 00007fe0e9fae16d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000\nRBP: 00007fe0ea0480f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fe0ea206038 R14: 00007fe0ea205fa0 R15: 00007fe0eae48000\n \u003c/TASK\u003e\n\nAllocated by task 14290:\n kasan_save_stack+0x24/0x50 mm/kasan/common.c:47\n kasan_save_track+0x14/0x30 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4333 [inline]\n __kmalloc_noprof+0x219/0x540 mm/slub.c:4345\n kmalloc_noprof include/linux/slab.h:909 [inline]\n hfsplus_find_init+0x95/0x1f0 fs/hfsplus/bfind.c:21\n hfsplus_listxattr+0x331/0xbd0 fs/hfsplus/xattr.c:697\n vfs_listxattr+0xbe/0x140 fs/xattr.c:493\n listxattr+0xee/0x190 fs/xattr.c:924\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x143/0x360 fs/xattr.c:988\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcb/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nWhen hfsplus_uni2asc is called from hfsplus_listxattr,\nit actually passes in a struct hfsplus_attr_unistr*.\nThe size of the corresponding structure is different from that of hfsplus_unistr,\nso the previous fix (94458781aee6) is insufficient.\nThe pointer on the unicode buffer is still going beyond the allocated memory.\n\nThis patch introduces two warpper functions hfsplus_uni2asc_xattr_str and\nhfsplus_uni2asc_str to process two unicode buffers,\nstruct hfsplus_attr_unistr* and struct hfsplus_unistr* respectively.\nWhen ustrlen value is bigger than the allocated memory size,\nthe ustrlen value is limited to an safe size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40082",
"url": "https://www.suse.com/security/cve/CVE-2025-40082"
},
{
"category": "external",
"summary": "SUSE Bug 1252775 for CVE-2025-40082",
"url": "https://bugzilla.suse.com/1252775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40082"
},
{
"cve": "CVE-2025-40085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix NULL pointer deference in try_to_register_card\n\nIn try_to_register_card(), the return value of usb_ifnum_to_if() is\npassed directly to usb_interface_claimed() without a NULL check, which\nwill lead to a NULL pointer dereference when creating an invalid\nUSB audio device. Fix this by adding a check to ensure the interface\npointer is valid before passing it to usb_interface_claimed().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40085",
"url": "https://www.suse.com/security/cve/CVE-2025-40085"
},
{
"category": "external",
"summary": "SUSE Bug 1252873 for CVE-2025-40085",
"url": "https://bugzilla.suse.com/1252873"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40085"
},
{
"cve": "CVE-2025-40087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40087"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\n\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40087",
"url": "https://www.suse.com/security/cve/CVE-2025-40087"
},
{
"category": "external",
"summary": "SUSE Bug 1252909 for CVE-2025-40087",
"url": "https://bugzilla.suse.com/1252909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40087"
},
{
"cve": "CVE-2025-40088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n\nThe hfsplus_strcasecmp() logic can trigger the issue:\n\n[ 117.317703][ T9855] ==================================================================\n[ 117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[ 117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[ 117.319577][ T9855]\n[ 117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[ 117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 117.319783][ T9855] Call Trace:\n[ 117.319785][ T9855] \u003cTASK\u003e\n[ 117.319788][ T9855] dump_stack_lvl+0x1c1/0x2a0\n[ 117.319795][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319803][ T9855] ? __pfx_dump_stack_lvl+0x10/0x10\n[ 117.319808][ T9855] ? rcu_is_watching+0x15/0xb0\n[ 117.319816][ T9855] ? lock_release+0x4b/0x3e0\n[ 117.319821][ T9855] ? __kasan_check_byte+0x12/0x40\n[ 117.319828][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319835][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319842][ T9855] print_report+0x17e/0x7e0\n[ 117.319848][ T9855] ? __virt_addr_valid+0x1c8/0x5c0\n[ 117.319855][ T9855] ? __virt_addr_valid+0x4a5/0x5c0\n[ 117.319862][ T9855] ? __phys_addr+0xd3/0x180\n[ 117.319869][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319876][ T9855] kasan_report+0x147/0x180\n[ 117.319882][ T9855] ? hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319891][ T9855] hfsplus_strcasecmp+0x1bc/0x490\n[ 117.319900][ T9855] ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[ 117.319906][ T9855] hfs_find_rec_by_key+0xa9/0x1e0\n[ 117.319913][ T9855] __hfsplus_brec_find+0x18e/0x470\n[ 117.319920][ T9855] ? __pfx_hfsplus_bnode_find+0x10/0x10\n[ 117.319926][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319933][ T9855] ? __pfx___hfsplus_brec_find+0x10/0x10\n[ 117.319942][ T9855] hfsplus_brec_find+0x28f/0x510\n[ 117.319949][ T9855] ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[ 117.319956][ T9855] ? __pfx_hfsplus_brec_find+0x10/0x10\n[ 117.319963][ T9855] ? __kmalloc_noprof+0x2a9/0x510\n[ 117.319969][ T9855] ? hfsplus_find_init+0x8c/0x1d0\n[ 117.319976][ T9855] hfsplus_brec_read+0x2b/0x120\n[ 117.319983][ T9855] hfsplus_lookup+0x2aa/0x890\n[ 117.319990][ T9855] ? __pfx_hfsplus_lookup+0x10/0x10\n[ 117.320003][ T9855] ? d_alloc_parallel+0x2f0/0x15e0\n[ 117.320008][ T9855] ? __lock_acquire+0xaec/0xd80\n[ 117.320013][ T9855] ? __pfx_d_alloc_parallel+0x10/0x10\n[ 117.320019][ T9855] ? __raw_spin_lock_init+0x45/0x100\n[ 117.320026][ T9855] ? __init_waitqueue_head+0xa9/0x150\n[ 117.320034][ T9855] __lookup_slow+0x297/0x3d0\n[ 117.320039][ T9855] ? __pfx___lookup_slow+0x10/0x10\n[ 117.320045][ T9855] ? down_read+0x1ad/0x2e0\n[ 117.320055][ T9855] lookup_slow+0x53/0x70\n[ 117.320065][ T9855] walk_component+0x2f0/0x430\n[ 117.320073][ T9855] path_lookupat+0x169/0x440\n[ 117.320081][ T9855] filename_lookup+0x212/0x590\n[ 117.320089][ T9855] ? __pfx_filename_lookup+0x10/0x10\n[ 117.320098][ T9855] ? strncpy_from_user+0x150/0x290\n[ 117.320105][ T9855] ? getname_flags+0x1e5/0x540\n[ 117.320112][ T9855] user_path_at+0x3a/0x60\n[ 117.320117][ T9855] __x64_sys_umount+0xee/0x160\n[ 117.320123][ T9855] ? __pfx___x64_sys_umount+0x10/0x10\n[ 117.320129][ T9855] ? do_syscall_64+0xb7/0x3a0\n[ 117.320135][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320141][ T9855] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320145][ T9855] do_syscall_64+0xf3/0x3a0\n[ 117.320150][ T9855] ? exc_page_fault+0x9f/0xf0\n[ 117.320154][ T9855] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[ 117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[ 117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40088",
"url": "https://www.suse.com/security/cve/CVE-2025-40088"
},
{
"category": "external",
"summary": "SUSE Bug 1252904 for CVE-2025-40088",
"url": "https://bugzilla.suse.com/1252904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40088"
},
{
"cve": "CVE-2025-40096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40096",
"url": "https://www.suse.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "SUSE Bug 1252902 for CVE-2025-40096",
"url": "https://bugzilla.suse.com/1252902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40096"
},
{
"cve": "CVE-2025-40100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40100"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not assert we found block group item when creating free space tree\n\nCurrently, when building a free space tree at populate_free_space_tree(),\nif we are not using the block group tree feature, we always expect to find\nblock group items (either extent items or a block group item with key type\nBTRFS_BLOCK_GROUP_ITEM_KEY) when we search the extent tree with\nbtrfs_search_slot_for_read(), so we assert that we found an item. However\nthis expectation is wrong since we can have a new block group created in\nthe current transaction which is still empty and for which we still have\nnot added the block group\u0027s item to the extent tree, in which case we do\nnot have any items in the extent tree associated to the block group.\n\nThe insertion of a new block group\u0027s block group item in the extent tree\nhappens at btrfs_create_pending_block_groups() when it calls the helper\ninsert_block_group_item(). This typically is done when a transaction\nhandle is released, committed or when running delayed refs (either as\npart of a transaction commit or when serving tickets for space reservation\nif we are low on free space).\n\nSo remove the assertion at populate_free_space_tree() even when the block\ngroup tree feature is not enabled and update the comment to mention this\ncase.\n\nSyzbot reported this with the following stack trace:\n\n BTRFS info (device loop3 state M): rebuilding free space tree\n assertion failed: ret == 0 :: 0, in fs/btrfs/free-space-tree.c:1115\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/free-space-tree.c:1115!\n Oops: invalid opcode: 0000 [#1] SMP KASAN PTI\n CPU: 1 UID: 0 PID: 6352 Comm: syz.3.25 Not tainted syzkaller #0 PREEMPT(full)\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\n RIP: 0010:populate_free_space_tree+0x700/0x710 fs/btrfs/free-space-tree.c:1115\n Code: ff ff e8 d3 (...)\n RSP: 0018:ffffc9000430f780 EFLAGS: 00010246\n RAX: 0000000000000043 RBX: ffff88805b709630 RCX: fea61d0e2e79d000\n RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000\n RBP: ffffc9000430f8b0 R08: ffffc9000430f4a7 R09: 1ffff92000861e94\n R10: dffffc0000000000 R11: fffff52000861e95 R12: 0000000000000001\n R13: 1ffff92000861f00 R14: dffffc0000000000 R15: 0000000000000000\n FS: 00007f424d9fe6c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd78ad212c0 CR3: 0000000076d68000 CR4: 00000000003526f0\n Call Trace:\n \u003cTASK\u003e\n btrfs_rebuild_free_space_tree+0x1ba/0x6d0 fs/btrfs/free-space-tree.c:1364\n btrfs_start_pre_rw_mount+0x128f/0x1bf0 fs/btrfs/disk-io.c:3062\n btrfs_remount_rw fs/btrfs/super.c:1334 [inline]\n btrfs_reconfigure+0xaed/0x2160 fs/btrfs/super.c:1559\n reconfigure_super+0x227/0x890 fs/super.c:1076\n do_remount fs/namespace.c:3279 [inline]\n path_mount+0xd1a/0xfe0 fs/namespace.c:4027\n do_mount fs/namespace.c:4048 [inline]\n __do_sys_mount fs/namespace.c:4236 [inline]\n __se_sys_mount+0x313/0x410 fs/namespace.c:4213\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f424e39066a\n Code: d8 64 89 02 (...)\n RSP: 002b:00007f424d9fde68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5\n RAX: ffffffffffffffda RBX: 00007f424d9fdef0 RCX: 00007f424e39066a\n RDX: 0000200000000180 RSI: 0000200000000380 RDI: 0000000000000000\n RBP: 0000200000000180 R08: 00007f424d9fdef0 R09: 0000000000000020\n R10: 0000000000000020 R11: 0000000000000246 R12: 0000200000000380\n R13: 00007f424d9fdeb0 R14: 0000000000000000 R15: 00002000000002c0\n \u003c/TASK\u003e\n Modules linked in:\n ---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40100",
"url": "https://www.suse.com/security/cve/CVE-2025-40100"
},
{
"category": "external",
"summary": "SUSE Bug 1252918 for CVE-2025-40100",
"url": "https://bugzilla.suse.com/1252918"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-36.1.21.13.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-36.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-36.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-13T15:32:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-40100"
}
]
}
SUSE-SU-2025:4057-1
Vulnerability from csaf_suse - Published: 2025-11-11 18:36 - Updated: 2025-11-11 18:36Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39832: net/mlx5: Add sync reset drop mode support (bsc#1249901).
- CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292).
- CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275).
- CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742).
- CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non security issues were fixed:
- ACPI/processor_idle: Add FFH state handling (jsc#PED-13815).
- ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815).
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- ACPI: processor: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
- PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112).
- PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112).
- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112).
- PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112).
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- cpuidle: Do not return from cpuidle_play_dead() on callback failures (jsc#PED-13815).
- dpll: Make ZL3073X invisible (bsc#1252253).
- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
- dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).
- dpll: zl3073x: Add low-level flash functions (bsc#1252253).
- dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).
- dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).
- dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).
- dpll: zl3073x: Fix build failure (bsc#1252253).
- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).
- dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).
- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
- dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).
- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (bsc#1252253).
- drm/amd : Update MES API header file for v11 & v12 (stable-fixes).
- drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112).
- drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112).
- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).
- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).
- drm/amd/display: fix dmub access race condition (bsc#1243112).
- drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112).
- drm/amd/include : MES v11 and v12 API header update (stable-fixes).
- drm/amd/include : Update MES v12 API for fence update (stable-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- drm/amd: Avoid evicting resources at S5 (bsc#1243112).
- drm/amd: Check whether secure display TA loaded successfully (bsc#1243112).
- drm/amd: Fix hybrid sleep (bsc#1243112).
- drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112).
- drm/amd: Restore cached manual clock settings during resume (bsc#1243112).
- drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112).
- drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112).
- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).
- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).
- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112).
- drm/amdgpu: Report individual reset error (bsc#1243112).
- drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112).
- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).
- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).
- drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- intel_idle: Provide the default enter_dead() handler (jsc#PED-13815).
- intel_idle: Rescan 'dead' SMT siblings during initialization (jsc#PED-13815).
- intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815).
- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).
- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).
- ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).
- ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- nvme-auth: update bi_directional flag (git-fixes bsc#1249735).
- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
- nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500).
- nvme-tcp: send only permitted commands for secure concat (git-fixes bsc#1247683).
- nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- platform/x86/amd/pmc: Add 1Ah family series to STB support list (bsc#1243112).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (bsc#1243112).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (bsc#1243112).
- platform/x86/amd/pmc: Add VPE information for AMDI000A platform (bsc#1243112).
- platform/x86/amd/pmc: Add idlemask support for 1Ah family (bsc#1243112).
- platform/x86/amd/pmc: Extend support for PMC features on new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Fix SMU command submission path on new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Modify SMU message port for latest AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Notify user when platform does not support s0ix transition (bsc#1243112).
- platform/x86/amd/pmc: Remove unnecessary line breaks (bsc#1243112).
- platform/x86/amd/pmc: Send OS_HINT command for AMDI000A platform (bsc#1243112).
- platform/x86/amd/pmc: Send OS_HINT command for new AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Update IP information structure for newer SoCs (bsc#1243112).
- platform/x86/amd/pmc: Use ARRAY_SIZE() to fill num_ips information (bsc#1243112).
- platform/x86/amd/pmc: call amd_pmc_get_ip_info() during driver probe (bsc#1243112).
- platform/x86/amd: pmc: Add new ACPI ID AMDI000B (bsc#1243112).
- platform/x86/amd: pmc: Drop SMU F/W match for Cezanne (bsc#1243112).
- platform/x86/amd: pmc: Use guard(mutex) (bsc#1243112).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519).
- scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes (bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- serial: sc16is7xx: rename Kconfig CONFIG_SERIAL_SC16IS7XX_CORE (bsc#1252469) Re-enable CONFIG_SERIAL_SC16IS7X for aarch64 and x86_64 default configurations, but keep it disabled for kvmsmall configurations. For ppc64 and s390x drivers was not enabled, so keep it that way. Add sc16is7xx_spi and sc16is7xx_i2c drivers to supported list.
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).
- x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815).
- x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815).
- x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815).
- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).
Patchnames
SUSE-2025-4057,SUSE-SLE-Module-Basesystem-15-SP7-2025-4057,SUSE-SLE-Module-Development-Tools-15-SP7-2025-4057,SUSE-SLE-Module-Legacy-15-SP7-2025-4057,SUSE-SLE-Module-Live-Patching-15-SP7-2025-4057,SUSE-SLE-Product-HA-15-SP7-2025-4057,SUSE-SLE-Product-WE-15-SP7-2025-4057
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).